ISMS Certification vs Conformity

So, as stated here, you can certify against ISO/IEC 27001 only. But why certify? Here are some reasons provided by certification bodies.

Certification finds no basis in legislative or regulatory requirement, so why bother? The best answer is to validate that investment in security controls meets business goals and provides business value. Business value is found in managing business risk, achieving high levels of legislative and regulatory compliance, and managing vulnerabilities and threats. The ISO security standards provide a disciplined approach to information security, business risk management, and compliance management. Certification provides an independent validation that the organization has applied that discipline effectively and proves due diligence on the part of executives and management, that they are addressing the information security needs of the organization.

ISO ISMS history

The ISO is developing a new series of security standards, the first of which is ISO 27001, Information Technology—Security Techniques—Information Security Management Systems—Requirements. ISO 27001 replaces British Standard (BS) 7799, Part 2. BS 7799, Part 1 evolved into ISO 17799, Information Technology—Security Techniques—Code of Practice for Information Security Management and is now known as ISO 27002. Definitive plans are not yet available; however, tentative plans for additional ISO security standards in the 27000 numbering series include ISO 27003, covering security implementation guidance; ISO 27004, for metrics and measurements; and ISO 27005, covering risk management.