What is an ISO 27001:2013 System

The primary objective of ISO 27001:2013 is to safeguard information. The foundation of the process is to identify which information assets are to be protected and to what degree. Assets include digital information, paper documents, and physical assets such as computers and networks, but individual people must also be considered as assets.

The following steps are required for Compliance or Certification:

  • Understanding the Context of the Organisation
  • Developing an Information Security Policy
  • Defining a Scope Statement
  • Performing a Risk Assessment & Analysis
  • Defining a Statement of Applicability
  • Developing a Business Continuity Plan
  • Developing and implementing the Information Security Management System
  • Completing a Compliance Certification Audit

ISO 27001 was one of the forerunners of the HLS (Unified High Level Structure) for Management Systems. ISO decided in 2012 that all management system standards shall use a common framework containing:

  • High Level Structure
  • Common Text and Terminology

Individual management system standards add "discipline-specific" requirements where needed; ISO 27001:2013 is one of them.