The ISO/IEC 27000 family of information security standards, also known as the ISO 27000 series, is developed and published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to provide a globally recognised framework for best-practice information security management.
These security standards help organisations keep their information assets secure, such as their financial information, employee details and intellectual property.
What is ISO/IEC 27001?
The cornerstone of the ISO 27000 series is ISO/IEC 27001:2013 (also known as ISO 27001). This standard sets out the requirements that an organisation’s information security management system (ISMS) can be audited and certified against. ISO 27001 certification enables organisations of any size and in any industry to demonstrate, through an independent audit, that they manage information security systematically, which in turn supports compliance with legislative and regulatory requirements related to information security. It shows that the organisation has a framework for securing and protecting confidential, personal and sensitive data.
ISO 27001 provides a proven framework that helps organisations protect their information through effective technology, auditing and testing practices, organisational processes and staff awareness programmes.
Why use an ISO/IEC 27000-series standard?
Cyber attacks are one of the biggest risks an organisation can face. They continue to grow in scale and complexity, making attackers a constant threat to any industry that uses technology. Companies of all sizes are increasingly concerned about implementing effective and affordable measures to protect their corporate and personal data.
Although ISO 27001 is the most widely adopted standard in the series (because it is the one against which an independently audited certification is issued), it only sets out the requirements for an ISMS. The other standards in the ISO 27000 series have been developed to provide additional guidance and support:
- ISO 27002 – a code of practice giving implementation guidance for the information security controls listed in Annex A of ISO 27001
- ISO 27000 – an overview of the series and definitions of the terminology used in ISO 27001
- ISO 27005 – guidance on information security risk management, including how to conduct an information security risk assessment
- ISO 27032 – general guidance on cyber security best practice
Organisations that achieve certification to ISO/IEC 27001 are able to:
- Protect their critical data in a systematic, risk-based way;
- Reduce the likelihood of data breaches and of the fines and penalties that can follow them;
- Enhance and retain customer confidence;
- Reduce the risk of reputational damage;
- Show that they are following recognised security best practice; and
- Keep their information security evolving with technological developments through the standard's cycle of review and continual improvement.
The ISO 27000 family of standards is applicable to organisations of any size in any sector. New standards are developed, and existing ones revised, to keep up with the continuing development of technology and the changing requirements for information security.