ISO IEC 27001 2013 Plain English Introduction

EXECUTIVE SUMMARY

ISO IEC 27001 2013 is an information security management standard.
It defines a set of information security management requirements.
The official complete name of this standard is ISO/IEC 27001:2013
Information technology - Security techniques - Information security
management systems - Requirements. These requirements can
be found in the following seven sections:

  1. Context
  2. Leadership
  3. Planning
  4. Support
  5. Operation
  6. Evaluation
  7. Improvement

According to ISO IEC 27001, you must meet every requirement
if you wish to claim that your information security management
system (ISMS) complies with this standard.

SCOPE OF STANDARD

ISO IEC 27001 is a generic information security management
standard. It can be used by any organization. It doesn't matter
what size it is or what it does.

The purpose of ISO IEC 27001 is to help organizations to establish
and maintain an information security management system (ISMS).
An ISMS is a set of interrelated elements that organizations use to
manage and control information security risks and to protect and
preserve the confidentiality, integrity, and availability of information.
These elements include all of the policies, procedures, processes,
plans, practices, roles, responsibilities, resources, and structures
that are used to manage security risks and to protect information.

While ISO IEC 27001 says that you must meet every single
requirement (sections 4 to 10), exactly how you do this is up to
you and will depend on your organization's objectives, its unique
information security risks and requirements, and the needs and
expectations of interested parties. It will also be influenced by its
inherent complexity and its corporate context. Exactly how you
apply the standard will depend upon your organization's unique
structure, its legal, regulatory, and contractual obligations,
and the processes it uses to deliver its products and services.

HOW TO USE ISO IEC 27001

If you don't already have an information security management
system (ISMS), you can use the ISO IEC 27001 2013 standard to
establish one. And once you've established your organization's
ISMS, you can use it to protect and preserve the confidentiality,
integrity, and availability of information and to manage and
control your information security risks.

ISO IEC 27001 is designed to be used for certification purposes.
Once you've established an ISMS that meets ISO's requirements
and deals with your organization's unique risks, you can ask a
registrar (certification body) to audit your system. If you pass the
audit, your registrar will issue an official certificate that states that
your ISMS meets the ISO IEC 27001 2013 requirements.

While ISO IEC 27001 2013 is specifically designed to be used
for certification purposes, you don't have to become certified.
You can be in compliance without being formally registered
by an accredited certification body.

You can self-audit your information security management
system and then announce to the world that it complies with
the ISO IEC 27001 standard (assuming that it actually does).
Of course, your compliance claim may have more credibility
if an independent certification body or registrar has audited
your ISMS and agrees with your claim.

Updated on April 23, 2014. First published on November 12, 2013.
Praxiom Research Group Limited         help@praxiom.com        780-461-4514

Copyright © 2013 - 2014 by Praxiom Research Group Limited. All Rights Reserved.