What is ISO?
The International Organisation for Standardisation (ISO) is an independent, non-governmental organisation with 164 national standards bodies as members. Through its members, it develops international standards for products, services and systems. The ISO 27000 family helps organisations keep information assets secure. ISO 27001 is the best-known standard in the family; it sets out the requirements for an Information Security Management System (ISMS).
An ISMS is a systematic approach to managing sensitive company information so that it remains secure. Management must be able to demonstrate that it continuously identifies, assesses and treats security risks through the application of appropriate controls. The assets to be considered include people, processes and IT systems, not just technology. The standard's Annex A sets out 14 domains, broken down into 114 controls. The domains are:
- Information security policies
- Organisation of information security
- Human resource security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance, both with internal requirements, such as policies, and with external requirements, such as laws and contractual obligations