The ISO 27001 standard was published in October 2005, essentially replacing the old
BS7799-2 standard. It is the specification for an ISMS, an Information Security
Management System. BS7799 itself was a long standing standard, first published in the
nineties as a code of practice. As this matured, a second part emerged to cover
management systems. It is this against which certification is granted. Today in excess of a
thousand certificates are in place, across the world. ISO 27001 enhanced the content of
BS7799-2 and harmonized it with other standards. A scheme has been introduced by various certification bodies for conversion from BS7799 certification to ISO27001.
The objective of the standard itself is to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security
Management System". Regarding its adoption, this should be a strategic decision. Further,
"The design and implementation of an organization's ISMS is influenced by their needs
and objectives, security requirements, the process employed and the size and structure of
The standard defines its 'process approach' as "The application of a system of processes
within an organization, together with the identification and interactions of these processes,
and their management". It employs the PDCA (Plan-Do-Check-Act) model to structure the
processes, and reflects the principles set out in the OECD guidelines (see oecd.org).
The ISO27001 Certification Process
Some of the most common questions pertaining to the 27000 series of standards relate to
the certification process for ISO27001. This page is intended to help address some of
these. In a nutshell, the following diagram explains the logical flow of the process itself:
The process starts when the organization makes the decision to embark upon the
exercise. Clearly, at this point, it is also important to ensure management...