ISO/IEC 27001:2005


ISO/IEC 27001

ISO/IEC 27001 is an international standard for the evaluation and certification of the management of information security processes within companies. In addition to information technology, ISO/IEC 27001 particularly considers the relevant business processes. It describes not only the requirements placed on the organisation and the technical systems, but also the activities suitable for permanently sustaining the security level determined on the basis of the risk assessment.
Information is to be considered a company asset that needs protection against a variety of threats.
Information Security means:

  • Compliance (with legal and organisational requirements)

ISO/IEC 27001 is the standard for certification of information security management systems. ISO/IEC 17799 is the associated code of practice.
The process-oriented approach of ISO/IEC 27001 is methodologically compatible with the ISO 9000 family.