ISO IEC 27001 2013
Plain English Overview

This web page presents a Plain English overview of the new
ISO IEC 27001 information security standard. For a more detailed
version, please see ISO IEC 27001 2013 Translated into Plain English.

Part 4 Context asks you to understand your organization
and its context before you establish its information security
management system (ISMS). It asks you to identify the issues that
are relevant to your organization's purpose and to consider the
influence these issues could have on its ability to achieve the
outcomes and objectives that its ISMS needs to achieve.

This means that you need to understand your organization's
approach to governance, its capabilities, its culture, its contracts,
its stakeholders, its interested parties, its environmental conditions,
and its legal obligations before you develop its ISMS. Why? Because
your ISMS will need to be able to cope with all of these influences.
Once you've considered all of this, you're ready to define the
scope of your ISMS and to begin its development.

Part 5 Leadership asks your organization's top management
to provide leadership for its ISMS by showing they support it, by
making sure that people understand how important information
security actually is, by assigning responsibility and authority
for it, and by establishing an information security policy.

Part 6 Planning asks you to identify the risks and opportunities
that could influence the effectiveness of your organization's ISMS
or disrupt its operation and then to figure out what you need to
do to address these risks and opportunities.

It also asks you to assess your organization's information security
risks, to select risk treatment options, to choose the information
security controls that are needed to implement these options,
and to formulate a risk treatment plan.

Finally, it asks you to establish information security objectives at all
relevant levels and for all relevant functions within your organization
and to develop plans to achieve these objectives.

Part 7 Support asks your organization to support its ISMS by
providing resources. It asks you to ensure the competence of the
people who have an impact on your organization's security and to
ensure that they are aware of their responsibilities. It then asks you
to figure out how extensive and detailed your organization's ISMS
documents and records need to be. It then asks you to include all
necessary documents and records and to manage and control
their creation and modification.

Part 8 Operation asks you to establish the processes that your
organization needs in order to meet its information security
requirements, to carry out the actions needed to address its
information security risks and opportunities, and to implement
the plans needed to achieve its information security objectives.

Part 8 also asks you to perform regular information security risk
assessments, to prioritize your risks, and to maintain a record of
risk assessment results. And, finally, it asks you to implement your
information security risk treatment plans and to maintain a record
of your risk treatment results.

Part 9 Evaluation asks you to monitor, measure, analyze, audit,
and evaluate your organization's ISMS and to review its suitability,
adequacy, and effectiveness at planned intervals.

Part 10 Improvement asks you to identify nonconformities, to
take corrective actions, and to enhance the suitability, adequacy,
and effectiveness of your organization's ISMS.


Updated on September 12, 2016. First published on November 12, 2013.

Praxiom Research Group Limited         help@praxiom.com        780-461-4514

Copyright © 2013 - 2016 by Praxiom Research Group Limited. All Rights Reserved.