ISO/IEC 27001

ISO/IEC 27001 is an international standard for information security management. It was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005,[1] revised in 2013,[2] and most recently revised in 2022.[3] There are also numerous recognized national variants of the standard. It specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS), the aim of which is to help organizations make the information assets they hold more secure.[4] An organization that meets the standard's requirements can choose to be certified by an accredited certification body after successfully completing an audit. A SWOT analysis of the ISO/IEC 27001 certification process was published in 2020.[5]

  1. "ISO/IEC 27001 International Information Security Standard published". bsigroup.com. BSI. Retrieved 21 August 2020.
  2. Bird, Katie (14 August 2013). "New version of ISO/IEC 27001 to better tackle IT security risks". ISO. Retrieved 21 August 2020.
  3. ISO/IEC. "ISO/IEC 27001:2022". ISO.org. Retrieved 29 November 2022.
  4. "ISO/IEC 27001:2013". ISO. Retrieved 9 July 2020.
  5. Akinyemi, Iretioluwa; Schatz, Daniel; Bashroush, Rabih (2020). "SWOT analysis of information security management system ISO 27001". International Journal of Services Operations and Informatics. 10 (4): 305. doi:10.1504/ijsoi.2020.111297. ISSN 1741-539X.