The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have set the international standards on Information Security Management in the ISO/IEC 27000 series. Specifically, the requirements standard ‘ISO 27001’ and the code of practice for information security management ‘ISO 27002’ are commonly known together as “ISO 27001/2”. A number of regulating agencies, including the Data Protection Commissioner, have declared ISO 27001/2 to be a benchmark for prudent and competent practice. However, companies find it challenging to adopt the standard while remaining mindful of costs.
The latest revision of this standard was published in 2013, and its full title is now ISO/IEC 27001:2013. The first revision of the standard was published in 2005, and it was developed based on the British standard BS 7799-2.
ISO 27001 can be implemented in any kind of organization, profit or non-profit, private or state-owned, small or large. It was written by the world’s best experts in the field of information security and provides a methodology for implementing information security management in an organization. It also enables companies to become certified, which means that an independent certification body has confirmed that the organization has implemented information security compliant with ISO 27001.