ISO 27001 Certification

Essentially, ISO 27001 is a specification for Information Security Management Systems (ISMS). ISMS is a framework of policies and procedures for the legal, physical, and technical controls involved in the information risk management process of a specific organization.

According to ISO’s official documentation, the specification was created to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and enhancing an information security management system.”

The implementation of ISO 27001 requires a top-down, technology-neutral, risk-based strategy.

The ISO specification also defines a six-step planning procedure.

1. Establishing a Security Policy
2. Determining the ISMS’s scope
3. Conducting a risk assessment
4. Administration of Identified Hazards
5. Selection of Control Goals
6. Preparation of an application statement.

The specification does not mandate specific information security protocols, but it does provide a compendium of ISO 270002-compliant code practices. Most organizations that implement ISO 27001 also implement ISO 27002