The IT Law Wiki

Citation

ISO/IEC 27001:2005: Information Security Management Systems — Requirements (Summary).

Overview

ISO/IEC 27001:2005 is

an auditable international standard that specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within the context of the organization's overall business risks. It uses a process approach for protection of critical information.[1]

It "is an advisory standard that is meant to be interpreted and applied to all types and sizes of organization according to the particular information security risks they face. In practice, this flexibility gives users a lot of latitude to adopt the detailed information security controls that make sense to them, but can make compliance testing more complex than some other formal certification schemes."[2]

References