ISMS description
As with all management processes, an ISMS must remain effective and efficient in
the long term, adapting to changes in the internal organization and external
environment. ISO/IEC 27001 therefore incorporates the typical
"Plan-Do-Check-Act" (PDCA), or Deming cycle, approach:
business continuity;
minimization of damages and losses;
competitive edge;
profitability and cash-flow;
respected organization image;
legal compliance.
ISO/IEC 27001:2005
An organization using ISO/IEC 27001:2005 as the basis for its ISMS can become
registered by BSI, thus demonstrating to stakeholders that the ISMS meets the
requirements of the standard.
ISO/IEC 27002:2005
Security policy;
Organization of information security;
Asset management;
Human resources security;
Physical and environmental security;
Communications and operations management;
Access control;
Information systems acquisition, development and maintenance;
Information security incident management;
Business continuity management;
Compliance.