ISO 27001:2005 (Information Security Management System). It is the standard, which specifies requirements for implementation, establishment, operation, monitoring, research, maintenance and improvement of documented Information Security Management Systems (ISMS). It specifies requirements for establishment of a safety control, adapted according to needs of an organization. The organization declares the assurance of information security management system requirements by certification according to BS 7799-2 / ISO 27001:2005.
ISO 27001 specifies the Plan-Do-Check-Act (PDCA) model for continual quality improvement. The PDCA cycle helps "the organization to know how far and how well it has progressed" and "influences the time and cost estimates to achieve compliance." ISMS as "a systematic approach to managing sensitive company information so that it remains secure. ISMS encompasses people, processes, and IT systems."
Information security is achieved by applying a suitable set of controls (policies, processes, procedures, organizational structures, and software and hardware functions).
ISO 27001 is suited to any organization that manages assets - data, people, software and intellectual property. This includes government departments (or their critical suppliers such as mailing houses, or data warehouses), energy providers and utilities, banks, insurance companies and corporate across all sectors of the economy.
Benefits of Information Security ISO 27001:2005
" A valuable framework for resolving security issues.
" Enhancement of client confidence & perception of your organization.
" Enhancement of business partners confidence & perception of your organization.
" Provides confidence that you have managed risk in your own security implementation.
" Enhancement of security awareness within an organization.
" Assists in the development of best practice.
" Can often be a deciding differentiators between competing organizations
Source: http://www.globalmanagergroup.com
You can find more about ISO Documents here.
