
ISO/IEC 27001 FAQs

ISO/IEC 27001:2013 FAQs

What is Information Security?

What is an ISMS?

What are the main concepts of ISO/IEC 27001?

How does ISO/IEC 27001:2013 relate to other management system standards (ISO 9001 and 14001)?

Why should I invest in implementing an ISMS and certifying it using ISO/IEC 27001:2013?

How is risk assessment related to ISO/IEC 27001:2013?

What is ISMS certification?

What is a certification body (CB)?

How long is a certificate valid?

What is Information Security?

Information security is the practice of protecting information. It addresses three properties:

  • Confidentiality: information is accessible only to the users who are authorized to access it.
  • Integrity: information is accurate and complete and cannot be modified without authorization.
  • Availability: information is accessible to authorized users whenever it is needed.

What is an ISMS?

An Information Security Management System (ISMS) is based on a systematic business-risk approach. An ISMS is the framework an organization uses to establish, implement, maintain and continually improve information security; it is also described as an organizational approach to information security.

What are the main concepts of ISO/IEC 27001:2013?

  • All activities should be well defined and documented.
  • The organization must specify its own security objectives.
  • All security measures must be the result of a risk analysis.
  • The standard provides a set of security controls, and it is up to the organization to choose which controls to implement based on its needs.

How does ISO/IEC 27001 relate to other management system standards (ISO 9001 and 14001)?

All three standards follow the Plan, Do, Check, Act (PDCA) cyclic process. This shared methodology makes it possible to integrate the management systems.

Why should I invest in implementing an ISMS and certifying it using ISO/IEC 27001:2013?

If information assets are important to your business, you should consider implementing an ISMS to protect those assets. Once an ISMS is in place, you should consider going through the process of having it certified against the ISO/IEC 27001 standard.

How is risk assessment related to ISO/IEC 27001:2013?

Risk assessment is a binding part of the PDCA cycle: PLAN (identify, analyze and evaluate the risks), DO (select, implement and use controls to manage the risks), CHECK (monitor and review the controls) and ACT (maintain and improve them).

What is ISMS certification?

ISO/IEC 27001:2013 is the standard that specifies the requirements for an ISMS. In the certification process, an independent third party audits an ISMS and, if satisfied that it meets the requirements, certifies that the organization is compliant with the standard.

What is a certification body (CB)?

A certification body (also called a registration body, assessment and registration body, or registrar) is an independent third party that assesses and certifies that the ISMS of an organization meets the requirements of the standard.

How long is a certificate valid?

Certificates have a maximum validity of three years.