​

ISO 27001 Information and Data Security Management supports organisations to control business security systems. Systematically examining the business information security risks, taking account of the threats, vulnerabilities and impact.

​

The objective of the standard is to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System (ISMS)”.

 

The standard defines its ‘process approach’ as “The application of a system of processes within an organisation, together with the identification and interactions of these processes, and their management”. It employs the Plan-Do-Check-Act model to structure the processes, and reflects the principles set out in the OECG guidelines.

 

As more SME’s carry out more activities on behalf of larger organisations, often involving privileged access to sensitive information or critical business services the ISO 27001 Information and Data Security Management standard continues to be adopted internationally.