BS ISO/IEC 27003:2010
Information security management systems - Information security management system implementation guidance
What is it?
The purpose of BS ISO/IEC 27003:2010 is to provide practical assistance when developing and implementing an Information Security Management System (ISMS) within an organization. It provides clear guidance on planning an ISMS project in organizations of all sizes across all sectors. BS ISO/IEC 27003:2010 does not include recommendations on what information security activities or controls are necessary in a particular organization; it only gives guidance on the activities necessary to initiate and implement an ISMS.
How does it work?
BS ISO/IEC 27003:2010 uses a flow model to define and describe all the processes necessary to create an ISMS in accordance with BS ISO/IEC 27001:2005. Each activity is described in detail, with hints and tips as necessary. Annexes contain a comprehensive checklist to monitor progress, advice on roles and responsibilities, and other useful topics applicable to more than one activity. BS ISO/IEC 27003:2010 is the definitive practical guide to building an ISMS in accordance with ISO/IEC 27001:2005.
Who should buy it?
Anyone who is planning to build an ISMS based on BS ISO/IEC 27001 needs BS ISO/IEC 27003:2010 as well. It is an essential supporting standard for ISMS implementation. It will be useful for anyone needing insight into the practical aspects of building an ISO/IEC 27001 ISMS.
BS ISO/IEC 27003:2010 is currently being revised to fully align with the new edition of ISO/IEC 27001, BS ISO/IEC 27001:2013. However, the principles and much of the detailed guidance in BS ISO/IEC 27003:2010 are equally applicable to building an ISMS using the latest edition of ISO/IEC 27001.
Until the new edition of BS ISO/IEC 27003 is published, there are a number of books available from the BSI Shop that will explain the differences between the two versions of BS ISO/IEC 27001. Particularly recommended is BIP 0139:2013 An Introduction to ISO/IEC 27001:2013.