ISO 27001 -Information Security Management System

ISO 27001:2013 is an information security standard that was published on the 25th September 2013.

It supersedes ISO/IEC 27001:2005, and is published by the International Organization for Standardization (ISO) and the International Electro-technical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27. It is a specification for an information security management system (ISMS). Organisations which meet the standard may gain an official certification issued by an independent and accredited certification body on successful completion of a formal audit process.

The official title of the standard is «Information technology— Security techniques — Information security management systems Requirements».

27001:2013 has ten short clauses, plus a long annex, which cover:

  1. Scope of the standard
  2. How the document is referenced
  3. Reuse of the terms and definitions in ISO/IEC 27000
  4. Organisational context and stakeholders
  5. Information security leadership and high-level support for policy
  6. Planning an information security management system; risk assessment; risk treatment
  7. Supporting an information security management system
  8. Making an information security management system operational
  9. Reviewing the system’s performance
  10. Corrective action

Swiss Approval International guarantees an accredited certification, giving to Organizations the suitable passport for International market, ensuring with accuracy and independency the principles and rules established by the standard ISO 27001:2013.