Standard
Withdrawn

BS EN ISO/IEC 27001:2017

Information technology. Security techniques. Information security management systems. Requirements

Published:

Withdrawn:

ISO/IEC 27001:2022 is now available here on BSI Knowledge. ISO/IEC 27001:2022 is the newest revision of the information security management systems standard.

A tracked changes version of this standard is available. ISO/IEC 27001:2022 TC is the latest version of the standard that includes the original standard content and recent changes.

What is ISO/IEC 27001 - Information security management systems about?

ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization.

This standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

Note: Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to ISO/IEC 27001.

Who is ISO/IEC 27001 Information security management systems for?

ISO/IEC 27001 is useful for:

  • All organizations

Why should you use ISO/IEC 27001 Information security management systems?

The information security management system preserves the confidentiality, integrity, and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.

It is important that the information security management system is part of and integrated with the organization’s processes and overall management structure and that information security is considered in the design of processes, information systems, and controls. It is expected that an information security management system implementation will be scaled in accordance with the needs of the organization.

ISO/IEC 27001 provides requirements for establishing, implementing, maintaining, and continually improving an information security management system.

The adoption of an information security management system is a strategic decision for an organization.

The establishment and implementation of an organization’s information security management system are influenced by the organization’s needs and objectives, security requirements, the organizational processes used, and the size and structure of the organization. All of these influencing factors are expected to change over time.

Product Details
Descriptors: Data processing, Technical documents, Computer networks, Data security, Classification systems, Information exchange, Management, Computers, Records (documents), Anti-burglar measures, Maintenance, Information systems, Documents, Computer technology, Data storage protection

ICS Codes: 03.100.70 Management systems; 35.030 IT Security

Committee: IST/33/1

International relationships: Identical to ISO/IEC 27001:2013; ISO/IEC 27001:2013/Cor 1:2014; EN ISO/IEC 27001:2017; ISO/IEC 27001:2013/Cor 2:2015

ISBN: 978 0 580 95518 1

Publisher: BSI