Contents of ISO 27001
ISO 27001 is a specification for an Information Security Management System (ISMS), meaning the system for monitoring, measuring and controlling information security as a whole. Broadly speaking, it explains how to apply the controls within ISO 27002.

It describes a six-part process, based upon the PDCA Cycle, comprising:

Define the scope of the ISMS
Define a security policy
Undertake a risk assessment/analysis
Manage the risk
Select control objectives and the actual controls to be implemented/applied
Prepare a Statement of Applicability.

It incorporates the Plan-Do-Check-Act continuous improvement approach familiar to users of the ISO 9000 series quality assurance standards.

ISO 27002 itself is summarized within an appendix to ISO 27001.


Note: ISO 27001 was formerly known as BS7799-2.