Standard for Information Security Management Systems
 

ISO/IEC 27001 is a voluntary, international standard for the evaluation and certification of the management of information security processes within companies, issued by ISO, the International Organization for Standardization.

In addition to information technology, ISO/IEC 27001 particularly considers the relevant business processes. It not only describes the demands made on the organization and the technical systems, but also the suitable activities for permanently sustaining the security level determined on the basis of the risk assessment.

Certification is relevant to all organizations that work with confidential data that they want to protect.

The information security management system showing the TÜV Rheinland mark is audited and certified by TÜV Rheinland.

Expert auditors analyze and evaluate the customers' organization. If all necessary requirements are fulfilled the organization is certified according to ISO 27001. The information security management system of the organization is subject to periodic surveillance.

Certified organizations may use the test mark in their communications.