Customer Service:
Mon - Fri: 8:30 am - 6 pm EST


INCITS/ISO/IEC 27001-2005

Information technology - Security techniques - Information security management systems - Requirements

This International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). This International Standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
NOTE 1: References to 'business' in this International Standard should be interpreted broadly to mean those activities that are core to the purposes for the organization's existence.
NOTE 2: ISO/IEC 17799 provides implementation guidance that can be used when designing controls.

Content Provider
InterNational Committee for Information Technology Standards [INCITS]

Others Also Bought

INCITS/ISO/IEC 27002-2005
Information technology - Security techniques - Code of practice for information security management <b>(Redesignation of ...
INCITS/ISO/IEC 17799-2005
Information technology - Security techniques - Code of practice for information security management
INCITS/ISO/IEC 27006:2007[2008]
Information technology - Security techniques - Requirements for bodies providing audit and certification of information security ...

As the voice of the U.S. standards and conformity assessment system, the American National Standards Institute (ANSI) empowers its members and constituents to strengthen the U.S. marketplace position in the global economy while helping to assure the safety and health of consumers and the protection of the environment.