ISO 27001 ISMS

What is information security?

Information security is the protection of information to ensure:

• Confidentiality: ensuring that the information is accessible only to those authorized to access it.
• Integrity: ensuring that the information is accurate and complete and that the information is not    modified without authorization.
• Availability: ensuring that the information is accessible to authorized users when required.

 

Information security is achieved by applying a suitable set of controls (policies, processes, procedures, organizational structures, and software and hardware functions).

What is an ISO/IEC 27001:2013 Information Security Management System (ISMS)?

An Information Security Management System (ISMS) is a management system based on a systematic business risk approach, to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organisational approach to information security. ISO/IEC 27001 (BS 7799) is a standard for information security that focuses on an organisation's ISMS.