ISO 27001 Awareness

ISO 27001 is the information security governance standard that builds organizational security by evaluating it against Confidentiality, Integrity and Availability (CIA). It is a robust and comprehensive standard that ensures security best practices are properly observed within your organization. The current version of the standard is ISO 27001:2013.

An Information Security Management System (ISMS) is a security governance system that is reflected in the organizational structure and promotes a culture of security. The ISMS is achieved through a risk-based methodology, applying administrative, technical and operational security controls to improve information security.

  • Scope (4.3)
  • Information security policy (5.2 e)
  • Information security risk assessment process (6.1.2)
  • Information security risk treatment process (6.1.3)
  • Information security objectives (6.2)
  • Evidence of competence (7.2)
  • The organization’s information security management system shall include: documented information determined by the organization as being necessary for the effectiveness of the information security management system (7.5.1 b)
  • The extent necessary to have confidence that the processes required for operational planning and control have been carried out as planned (8.1)
  • The results of information security risk assessments (8.2)
  • The results of information security risk treatment (8.3)
  • Evidence of the information security performance monitoring and measurement results (9.1)
  • Internal audit programme(s) and the audit results (9.2 g)
  • Evidence of the results of management reviews (9.3)
  • Evidence of the nature of the nonconformities and any subsequent actions taken, and the results of any corrective actions (10.1)
