What is this standard about?
BS EN ISO/IEC 27001:2017 is the internationally acclaimed standard for information security management. It is the baseline standard of the ISO 27000 series of international information security management standards and the foundation standard for implementing an Information Security Management System (ISMS).
Who is this standard for?
Anyone planning to build, operate, audit or certify an ISMS system. It will also be useful to anyone with an interest in integrated management systems, or a general interest in assessing information security measures.
Why should you use this standard?
Since their inception in the early 1990s, global information security standards have grown in rigor and recognition. So too have information security threats and the best ways to manage them.This standard reflects current best practice for information security management.It provides specific recommendations to help you establish an ISMS, monitor its performance and implement improvements when necessary. It also enables external assessment and certification of an organization’s information security.
This standard is not unnecessarily prescriptive, allowing great flexibility in how requirements are satisfied and giving organizations freedom to implement requirements in a manner best suited to them.
It uses BS EN ISO/IEC 27002:2017, a Code of Practice for information security controls – with which it fully aligns – as its source of possible security measures.
BS EN ISO/IEC 27001 and BS EN ISO/IEC 27002 are supported by a wide range of other specialist standards in the 27000 series.
What’s changed since the last update?
This is a technical update of the previous edition. In addition it follows the new high level structure common to all recent management system standards. This allows easy integration when implementing more than one management system within your organization, for example when combining information security with quality (BS EN ISO 9001:2015) or environmental management (BS EN ISO 14001:2015).