ISO/IEC 27001
What is it?
The ISO/IEC 27001 standard sets out the requirements of an internationally recognised management system that guarantees the administration and protection of the confidentiality, integrity, and availability of the information, storage media, and equipment used in an organisation. The core of this security administration tool is a risk management system that prevents information from being compromised.
Legal framework
- ISO/IEC 27001 Information Security Management Systems.
ISO 27001:2017 transition
Following a comparison of the ISO 27001:2017 and ISO 27001:2022 standards within the framework of the Transition Plan of the reference standard, it has been concluded that certificates can be updated to the new version of the standard. Therefore, customers with a valid certificate will be issued a new certificate with the updated version of the standard, ISO 27001:2022.
Who is it for?
The ISO 27001 standard is suitable for any organisation, large or small, in any sector or part of the world. It is particularly interesting if the information to be handled is confidential, such as in the finance, health, information technology or public sectors.
It is also aimed at organisations that manage information on behalf of others, which can thereby demonstrate to customers that their information is protected.
This standard can be combined with ISO 9001 and ISO 14001, since both have a very similar structure, which represents an interesting cost saving when it comes to being certified to these standards.