ISO 27001:2013 – Information Technology / Security Management

ISO 27001:2013 is an information security standard that is a specification for an information security management system (ISMS).

The official title of the standard is “Information technology — Security techniques — Information security management systems — Requirements”. It helps organizations who aim to comply with multiple standards, to improve their IT from different perspectives.

Organizations which meet the standard may be certified compliant by an independent and accredited certification body on successful completion of a formal compliance audit.

ISO 27001:2013 has ten short clauses, plus a long annex, which cover:

1. Scope of the standard

2. How the document is referenced

3. Reuse of the terms and definitions in ISO 27000

4. Organizational context and stakeholders

5. Information security leadership and high-level support for policy

6. Planning an information security management system; risk assessment; risk treatment

7. Supporting an information security management system

8. Making an information security management system operational

9. Reviewing the system’s performance

10. Corrective action

Annex A: List of controls and their objectives.