BS ISO/IEC 27001:2005/BS 7799-2:2005 Information technology. Security techniques. Information security management systems. Requirements
BS ISO/IEC 27001:2005 is the complementary standard to BS ISO/IEC 17799:2005 (BS 7799-1). The standard provides a specification for an ISMS and the foundation for third-party audit and certification. It is harmonized to work with other management system standards such as ISO 9001 and ISO 14001, and will assist in the integration and operation of an organization's overall management system.
BS ISO/IEC 27001 ensures that effective information security management is established and maintained through a continual improvement process, and implements the OECD principles governing the security of information systems and networks.
Contents of BS ISO/IEC 27001 include:
- Introduction
- Scope
- Normative references
- Terms and definitions
- Information security management system
- Management responsibility
- Internal ISMS audits
- Management review of the ISMS
- ISMS improvement
- Control objectives and controls
- OECD principles and this International Standard
- Correspondence between ISO 9001:2000, ISO 14001:2004 and this International Standard
- Bibliography
BS ISO/IEC 27001:2005 replaces BS 7799-2:2002, which has been withdrawn.
Need guidance on information security risk management? A new BSI book, Information Security Risk Management: Handbook for ISO/IEC 27001, shows you how to implement ISO 27001.