ISO 27001: definition and history of this standard


ISO 27001: definition

ISO 27001 (or ISO/IEC 27001) is the information security management standard that belongs to the ISO/IEC 27000 family of standards, of which it is the best known. Specifically, it sets out the requirements for an ISMS (Information Security Management System) for all types of organizations, whether they are managing the security of information entrusted to them by third parties, personal data, intellectual property documents or financial data.


ISO 27001: history and objective

Based on BS 7799-2, ISO 27001 was first published in November 2005 and revised in 2013. Laying the foundations of information security management in an organization, it also integrates the management principles of the ISO 9001 standard and the PDCA (Plan, Do, Check and Act) cycle of continuous improvement. Because its requirements are generic, ISO 27001 can be applied to any type of organization, regardless of its size or nature (commercial or not).

The objective of the ISO 27001 standard is to manage risks by protecting the confidentiality and availability of information in an organization. It promotes good practice in data protection through both organizational and technical measures. Moreover, the ISO 27001 standard does not impose a specific risk assessment method; it only requires that the chosen method meet reproducibility criteria. Organizations therefore have the choice between adapting ISO 27005 to their needs or opting for one of the established methods such as EBIOS (Expression of Requirements and Identification of Security Objectives), developed by ANSSI (the French National Agency for Information Systems Security).
