ISO 27001
Formally known as ISO/IEC 27001:2005, ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.
ISO 27001:2013 (the current version of ISO 27001) provides a set of standardized requirements for an Information Security Management System (ISMS). The standard adopts a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving your ISMS.
Who Needs ISO 27001?
Organizations that claim to have adopted ISO/IEC 27001 can, therefore, be formally audited and certified compliant with the standard. ISO/IEC 27001 requires that management systematically examines the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts.
How Long Does ISO 27001 Certification Take?
It usually takes between three to six months, but this depends on the size of the organization and how many sites they have. Smooth implementation is helped greatly by management’s buy-in and an ISO 27001 champion to take responsibility for achieving certification.
