BS EN ISO/IEC 27001:2017 Information technology. Security techniques. Information security management systems. Requirements

BS EN ISO/IEC 27001:2017

Information technology. Security techniques. Information security management systems. Requirements

Status : Current   Published : October 2013



What is this standard about?

BS EN ISO/IEC 27001:2017 is the internationally acclaimed standard for information security management. It is the baseline standard of the ISO 27000 series of international information security management standards and the foundation standard for implementing an Information Security Management System (ISMS). 

Who is this standard for?

Anyone planning to build, operate, audit or certify an ISMS system. It will also be useful to anyone with an interest in integrated management systems, or a general interest in assessing information security measures.

Why should you use this standard? 

Since their inception in the early 1990s, global information security standards have grown in rigor and recognition. So too have information security threats and the best ways to manage them.This standard reflects current best practice for information security management.It provides specific recommendations to help you establish an ISMS, monitor its performance and implement improvements when necessary. It also enables external assessment and certification of an organization’s information security.

This standard is not unnecessarily prescriptive, allowing great flexibility in how requirements are satisfied and giving organizations freedom to implement requirements in a manner best suited to them.

It uses BS EN ISO/IEC 27002:2017, a Code of Practice for information security controls – with which it fully aligns – as its source of possible security measures. 

BS EN ISO/IEC 27001 and BS EN ISO/IEC 27002 are supported by a wide range of other specialist standards in the 27000 series.

What’s changed since the last update?

This is a technical update of the previous edition. In addition it follows the new high level structure common to all recent management system standards. This allows easy integration when implementing more than one management system within your organization, for example when combining information security with quality (BS EN ISO 9001:2015) or environmental management (BS EN ISO 14001:2015).

Standard NumberBS EN ISO/IEC 27001:2017
TitleInformation technology. Security techniques. Information security management systems. Requirements
Publication Date01 October 2013
Normative References(Required to achieve compliance to this standard)ISO/IEC 27000
Informative References(Provided for Information)ISO/IEC Directives Part 1, ISO/IEC 27004, ISO 31000:2009, ISO/IEC 27005, ISO/IEC 27003:2017, ISO/IEC 27002:2013
ReplacesBS ISO/IEC 27001:2005/BS 7799-2:2005
International RelationshipsEN ISO/IEC 27001:2017,ISO/IEC 27001
Amended ByCorrigendum, March 2017; Corrigendum, January 2016
DescriptorsData storage protection, Computer technology, Documents, Information systems, Maintenance, Anti-burglar measures, Records (documents), Computers, Management, Information exchange, Classification systems, Data security, Computer networks, Technical documents, Data processing
Title in FrenchTechnologies de l?information. Techniques de sécurité. Systèmes de management de la sécurité de l?information. Exigences
Title in GermanInformationstechnik. Sicherheitsverfahren. Informationssicherheits- Managementsysteme. Anforderungen
ISBN978 0 580 95518 1
File Size2.088 MB

 Your basket
Your basket is empty

Multi-user access to over 3,500 medical device standards, regulations, expert commentaries and other documents


Access, view and download standards with multiple user access, across multiple sites with BSOL

Develop a PAS

Develop a fast-track standardization document in 9-12 months

Tracked Changes

Understand the changes made to a standard with our new Tracked Changes version

Customers who bought this product also bought