ISO 27001:2005 Information Security Management System
In the context of this standard, the term information includes all forms of information - data, documents, communications, conversations, messages, recordings, and photographs. It includes everything from digital data and email to faxes and telephone conversations.
The key benefits are:
- 1. DEFINE ISMS POLICY including the approach to risk assessment, identifying, analyzing and evaluating security risks and controls.
- 2.IMPLEMENT AND OPERATE THE ISMS by developing a risk treatment plan to manage the organization's information security risks, implement security controls, educational programs and security procedures.
- 3. MONITOR AND REVIEW THE ISMS by using procedures and controls, performing regular internal audits, updating information security plans.
- 4. MAINTAIN AND IMPROVE THE ISMS by taking preventive & corrective actions.