© All rights reserved.

ITIL Forum

Click me !

Click one of our

areas below:

quick find

Sponsorship, Terms of Use & Copyright

Site Map

Home  What is ITIL  ITIL Training  Bookshop  Reviews  Shop  ITIL Forum  Links  Downloads  ITIL Jobs  Search  Contact

Home ITIL people What is ITIL ITIL Training Bookshop Reviews Shop ITIL Forum Links Downloads ITIL Jobs Search Contact
The Free ITIL & Best Practice Resource Website

Help us keep this site going by clicking on the

Donate button to use PayPal and donate £1.  Thanks!

This box is called an opportunity box and the text you’re now reading could be your advert.  Whether you’re a company or an individual wishing to advertise your services, products or  skillset and availability Contact Us to enquire and fill this box to create your opportunity.



ISO 27001 download What is ISO27001?

Tell a Friend

ISO27001 is the International Standard for Information Security – it outlines an auditable framework for a robust Information Security Management System (ISMS).  It recognises the importance of Information as a valuable asset of the business and, therefore, information confidentiality, integrity and availability is paramount.   Although obtaining ISO 27001 Certification does not guarantee that an organisations information is ‘secure’, it does mean that the organisation has engaged in activities to identify and manage security risks which, therefore, reduces the likelihood of Information Security breaches.  There are many benefits for an organisation achieving ISO 27001 Certification: It provides increased ‘customer confidence’ as well as increasing the confidence of suppliers, partners and stakeholders that the organisations information systems are secure; it demonstrates credibility; it demonstrates relevant legislation and Regulations are being met; it demonstrates a commitment to Information Security throughout the organisation; from the top down; it may realise cost savings via reduced security breaches.  ‘Information’ includes that kept on computer systems, paper, transmitted by post, email, films, spoken conversations – in fact, any information stored on whatever media. ISO 27001 aims to preserve information: Confidentiality, Integrity and Availability.  The Standard itself contains many control objectives and specified controls:


     · Security Policy

· Organisational Security

· Asset Classification and Control

· Personnel Security

· Physical and Environmental Security

· Communications and Operations Management

· Access Control

· System Development and Maintenance

· Business Continuity Management

· Compliance


To implement an ISO 27001 Information Security Management System (ISMS), firstly the organisation must define the Scope of the ISMS i.e., the top level aims and objectives and, define an Information Policy.  Secondly, the organisation needs to define a method of security risk assessment and, identify the risks and assess them.  This will also aid in the identification of the security requirements.  Finally, Controls (which may be policies, practices, procedures, organisational structures and software functions) need to be selected and implemented to monitor and manage the security requirements and identified risks.


Once an organisation has carried out the above, they may engage an accredited external auditor.  The Auditor will review documentation including the ISO 27001 Scope, Security Policy, risk assessments, risk treatment plan, Statement of Applicability, processes and procedures.  The Auditor will attend the organisation to check the implemented controls (practices, procedures etc.) are being followed.  


Only after a successful ISO 27001 audit will the organisation be awarded Certification.  The Auditors will then visit once or twice per year to carry out ‘surveillance visits’ – ensuring the ISMS is being adhered to and, continues to be effective.



Given that ISO Standards are based on the ‘Plan-Do-Check-Act’ cycle of continuous improvement, it is rare for organisations to not receive some minor non compliance items.  



Wait!  Did you know we also have a selection of ISO/IEC 27001 books? Click to view our ISO27001 YouTube presentation.