ISO/IEC 27001:2013

An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure; it encompasses people, processes and IT systems. BSI published a code of practice for such systems, which has since been adopted internationally as ISO/IEC 27001:2013. Information security aims to achieve confidentiality, availability and integrity. It covers the efforts made to protect computer and non-computer equipment, facilities, data and information from misuse by unauthorized parties; in other words, it means protecting information and information systems from:

  • Theft
  • Unauthorized access
  • Unauthorized use
  • Disclosure
  • Modification
  • Destruction

ISO 27001 defines 133 security controls under the following main security categories:

  • Security policy
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental security
  • Communications and operations management
  • Access control
  • Information systems acquisition, development and maintenance
  • Information security incident management
  • Business continuity management
  • Compliance