Information Security ISO/IEC 27001

What is an Information Security Management System?

An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems. BSI published a code of practice for these systems, which has now been adopted internationally as ISO/IEC 27001:2005.

Where Do I Start?
  1. Develop an information security policy and identify your organization's key information assets. Purchase the standards, ISO/IEC 27002:2005 (previously named ISO/IEC 17799:2005) and ISO/IEC 27001:2005, to help you do this.
  2. Carry out a risk assessment and build your ISMS. Training of key staff will help to ensure its successful implementation.
  3. Once your management system is fully implemented you can register to ISO/IEC 27001:2005 with BSI.

What are ISO/IEC 27001 and ISO/IEC 27002?

BSI Group, 389 Chiswick High Road, London, W4 4AL. Email: certification.sales@bsigroup.com
© 2007 BSI.