#moc

# ISO/IEC 27001

An [[ISO]] standard outlining the requirements for planning, implementing, maintaining, and continually improving an [[Information Security Management System]] (ISMS). It is made up of clauses that set out the requirements for conformity. If properly attended to and implemented, it is a fantastic resource for developing not only an ISMS, but an in-house understanding of, and respect for, Information Security.

ISO/IEC 27001 requires that management:

- Systematically examine the organisation's information security risks, taking account of the threats, vulnerabilities, and the impacts should these eventuate;
- Plan and implement a relevant and comprehensive body of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
- Adopt an overarching management process (system) to ensure that the information security controls continue to meet the organisation's information security needs on an ongoing basis.

## Content of the standard

- [[Clause 1, 2 and 3 - Scope, References, Terms and Definitions]]
- [[Clause 4 - Context of the organisation]]
- [[Clause 5 - Leadership]]
- [[Clause 6 - Planning]]
- [[Clause 7 - Support]]
- [[Clause 8 - Operation]]
- [[Clause 9 - Performance and Evaluation]]
- [[Clause 10 - Improvement]]

## Implementation and certification

A diagram showing the ISO 27001 implementation and certification process:

![[Implementation and certification process.png]]

## The Name, Publishers, and Authors...

Even though it is sometimes referred to as ISO 27001, the **official abbreviation** for the International Standard on requirements for information security management is ISO/IEC 27001. That is because it has been **jointly published by ISO and the International Electrotechnical Commission (IEC)**.

The number indicates that it was published under the responsibility of Subcommittee 27 (on Information Security, Cybersecurity and Privacy Protection) of ISO's and IEC's Joint Technical Committee on Information Technology (ISO/IEC JTC 1).

## The History of 'ISO/IEC 27001'

The standard has an interesting history of international collaboration and iterative improvement; follow the context-rich timeline below. Reducing the history of 27001 to a single 'golden thread' of updates misses the point: all of the timeline components are relevant!

![[The History of ISO 27001.png]]