One of the key resources in modern business is information. Financial data, data on the way the organization works, contacts with users, data on employees, data on products and technologies, contracts, records, etc. are only a part of the sea of information available to a modern organization.
This International Standard specifies requirements for the implementation, application, operation, monitoring, review, maintenance and improvement of a documented ISMS within the context of the overall business risks of the organization. It specifies requirements for the implementation of security management in accordance with the needs of individual organizations or their parts.
Adopting an ISMS is a strategic decision for a company. The design and implementation of an ISMS is influenced by needs and goals, security requirements, the processes used, and the size and structure of the organization. The standard can be used to assess compliance by internal and external parties.
A successfully designed and implemented information security management system, which includes people, processes and the IT system, gives users and business partners security and confidence that information security is on the list of business priorities and that the organization acts professionally and responsibly. The standard treats information as an asset and provides basic guidelines for its preservation, safe management and use.
The application of ISO/IEC 27001 is especially intended for organizations that have internal and/or external information systems in their business, that hold confidential data, and whose business processes depend on the information system, as well as for other organizations that want to adapt to today's information security requirements.