BS ISO IEC 27003 Information technology. Security techniques. Information security management system implementation guidance

BS ISO/IEC 27003:2010

Information technology. Security techniques. Information security management system implementation guidance

Status : Current   Published : February 2010

Formats: PDF, HARDCOPY

BS ISO/IEC 27003:2010
Guidance on implementing information security management systems including security techniques

What is it?

BS ISO/IEC 27003:2010 gives core recommendations for the design of an Information Security Management System (ISMS) in line with ISO/IEC 27001:2005. It provides clear instructions on planning an ISMS project in organisations of all sizes across all sectors. BS ISO/IEC 27003:2010 does not include recommendations for carrying out information security activities; it only gives guidance on designing the ISMS implementation plan. Further ISO/IEC standards are available for ISMS implementation and project management.

How does it work?

BS ISO/IEC 27003:2010 sets standards for planning and designing an ISMS project, providing guidance on information security best practice. It helps you to define the scope of your ISMS needs within the structure of your business. BS ISO/IEC 27003:2010 also gives guidance on gaining management approval for implementation plans.  Using these guidelines will provide an ISMS framework to deliver effective information security, giving stakeholders greater confidence in your risk management and data protection capabilities.

Who should buy it?

  • Those with responsibility for information security
  • Those who want to design a new ISMS

Contents of BS ISO/IEC 27003 include:

  • Scope
  • Normative references
  • Terms and definitions
  • Structure of this International Standard
  • General structure of clauses
  • Diagrams
  • Obtaining management approval for initiating an ISMS project
  • Overview of obtaining management approval for initiating an ISMS project
  • Clarify the organization’s priorities to develop an ISMS
  • Define the preliminary ISMS scope
  • Create the business case and the project plan for management approval
  • Defining ISMS scope, boundaries and ISMS policy
  • Overview of defining ISMS scope, boundaries and ISMS policy
  • Define organizational scope and boundaries
  • Define information communication technology (ICT) scope and boundaries
  • Define physical scope and boundaries
  • Integrate each scope and boundaries to obtain the ISMS scope and boundaries
  • Develop the ISMS policy and obtain approval from management
  • Conducting information security requirements analysis
  • Overview of conducting information security requirements analysis
  • Define information security requirements for the ISMS process
  • Identify assets within the ISMS scope
  • Conduct an information security assessment
  • Conducting risk assessment and planning risk treatment
  • Overview of conducting risk assessment and planning risk treatment
  • Conduct risk assessment
  • Select the control objectives and controls
  • Obtain management authorization for implementing and operating an ISMS
  • Designing the ISMS
  • Overview of designing the ISMS
  • Design organizational information security
  • Design ICT and physical information security
  • Design ISMS specific information security
  • Produce the final ISMS project plan
  • Checklist description
  • Roles and responsibilities for Information Security
  • Information about Internal Auditing
  • Structure of policies
  • Monitoring and measuring
  • Bibliography

Why BSI?

We are global, we’re independent and we’re a trusted service provider to 80,000 businesses. We operate in 147 countries and are the number one certification body in the UK and US. We created 85% of our portfolio because we know standards and we know your business. We’re leaders and we can make you one too.




Standard Number: BS ISO/IEC 27003:2010
Title: Information technology. Security techniques. Information security management system implementation guidance
Status: Current
Publication Date: 28 February 2010
Cross References: ISO/IEC 27000:2009, ISO/IEC 27001:2005, ISO 9001:2008, ISO 14001:2004, ISO/IEC 15026, ISO/IEC 15408-1:2009, ISO/IEC 15408-2:2008, ISO/IEC 15408-3:2008, ISO/IEC TR 15443-1:2005, ISO/IEC TR 15443-2:2005, ISO/IEC TR 15443-3:2007, ISO/IEC 15939:2007, ISO/IEC 16085:2006, ISO/IEC 16326:2009, ISO/IEC 18045:2008, ISO/IEC TR 19791:2006, ISO/IEC 20000-1:2005, ISO/IEC 27001:2005, ISO/IEC 27004:2009, ISO/IEC 27005:2008, ISO 21500, ISO/IEC 27006:2007
International Relationships: ISO/IEC 27003:2010 Identical
Supersedes Draft: 08/30133461 DC
Descriptors: Data processing, Data security, Data storage protection, Computers, Management, Policy, Project management, Planning, Risk assessment, Risk analysis, Organizations, Measurement, Information exchange, Documents
ICS: 35.040 (Character sets and information coding)
Title in French: Technologies de l'information. Techniques de sécurité. Lignes directrices pour la mise en oeuvre du système de management de la sécurité de l'information
Committee: IST/33
ISBN: 978 0 580 55344 8
Publisher: BSI
Format: A4
Delivery: YES
Pages: 80
File Size: 5.138 MB
Price: £ 100.00


Customers who bought this product also bought

  • BS ISO/IEC 27007:2011
    Information technology. Security techniques. Guidelines for information security management systems auditing
  • BS ISO/IEC 27005:2011
    Information technology. Security techniques. Information security risk management
  • BS 10008:2008
    Evidential weight and legal admissibility of electronic information. Specification
  • BS ISO 22301:2012
    Societal security. Business continuity management systems. Requirements