What is ISO 27001:2013?
ISO 27001:2013 is an internationally recognised standard that lays out the requirements an organisation must adhere to in order to demonstrate that its information is managed within a framework committed to continually reviewing and improving the security of that information, in line with the Data Protection Act of 1998. The framework is commonly referred to as an information security management system (ISMS). As ISO 27001:2013 is an internationally recognised standard, most information security management systems are based on its requirements.
The standard focuses on how your organisation:
- Controls important documentation and records,
- Manages the assets through which important information can be accessed,
- Manages information security processes in line with the three key principles of information security: Confidentiality, Integrity and Availability,
- Manages risks to information security,
- Reviews internal processes and problems,
- Manages its commitment to continual improvement of the ISMS.