
Information Security Management System (ISMS)

ISO 27001 (formally ISO/IEC 27001; the 2005 edition has since been superseded, most recently by ISO/IEC 27001:2022) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that covers all of the legal, physical and technical controls involved in an organisation's information risk management processes.

Although ISO 27001 is built around the implementation of information security controls, none of the individual controls listed in its Annex A are universally mandatory for certification. The Standard recognises that every organisation will have its own requirements when developing an ISMS, and that not all controls will be appropriate. What is mandatory is the management-system process itself (the requirements in clauses 4 to 10): the organisation must assess its information security risks, select controls on the basis of that assessment, and record in a Statement of Applicability which Annex A controls it has included or excluded, with a justification for each. An auditor will therefore not fault an organisation for omitting a control, but will fault it for omitting one without a risk-based justification.