management systems
The ISO/IEC 27000 family of standards helps organizations keep information assets secure.
Using this family of standards will help your organization manage the security of assets such as financial information,
intellectual property, employee details or information entrusted to you by third parties.
ISO/IEC 27001 is the best-known standard in the family, providing requirements for an information security management
system (ISMS).
There are more than a dozen standards in the 27000 family; you can see them here.
What is an ISMS?
An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people,
processes and IT systems by applying a risk management process.
It can help small, medium and large businesses in any sector keep information assets secure.
Information technology -- Security techniques -- Information security management systems -- Overview and
vocabulary
ISO/IEC 27000:2018 provides the overview of information security management systems (ISMS). It also provides terms and
definitions commonly used in the ISMS family of standards. This document is applicable to all types and sizes of
organization (e.g. commercial enterprises, government agencies, not-for-profit organizations).
The terms and definitions provided in this document:
- cover commonly used terms and definitions in the ISMS family of standards;
- do not cover all terms and definitions applied within the ISMS family of standards; and
- do not limit the ISMS family of standards in defining new terms for use.
1. select controls within the process of implementing an Information Security Management System based on ISO/IEC
27001;
2. implement commonly accepted information security controls;
3. develop their own information security management guidelines.