ISO 27001. (Latest version 2005) Originally BS (British Standard) 7799 Part 2, this is the element of the series against which organisations can be certified. As such, it is a series of control element statements that must either be evidenced as being complied with or, with appropriate justification from your Risk Review, ruled as out of scope.

ISO 27002. (Latest version nominally 2005) The "Code of Practice" for Information Security Management. Non-obviously, the oldest part of this series - previously known as BS7799 Part 1 and, more recently, as ISO 17799. ISO 27002 provides a detailed framework of guidance on setting up an ISMS and on the ISO 27001 control objectives.

ISO 27003. Implementation guidance for your ISMS, published in 2010.

ISO 27004. Measurement, looking at Security Metrics, published in 2009. Measuring the effectiveness of information security is one of the perennial troubles for a professional function that only draws attention when things have gone wrong. This standard is based upon the June 2005 BSI publication BIP 0074/2006, and offers guidance on setting up and running a comprehensive regime for monitoring the effectiveness of information security controls.

ISO 27005. Risk Management, published in 2001 and based on BS7799 Part 3, which is, in turn, a development of ideas from ISO TR (Technical Report - not a standard) 13335. The important thing to note is that different organisations will require widely different risk management approaches - deterministic versus expert; qualitative versus quantitative; tool-based versus free-form or discussion-based systems.

ISO 27006. (Latest version 2007) Certification Bodies. This is further guidance to ISO17021 accredited certification audit bodies on the specific requirements for ISMS auditing. Unlikely to be relevant to many Idrach Ltd customers.

ISO 27013. Provides guidance on integrating ISO 27001 compliance with an ITIL or ISO 20000 regime.

Sector Specific Guidance. A number of industry sector or "domain" specific guides to implementing an ISO 27001-compliant ISMS have recently been published or are in development, including:

  • ISO 27011 provides sector guidance for telecoms companies;
  • ISO 27015 will provide guidance for financial and insurance companies;
  • ISO 27017 will cover the use of 'cloud computing'; and
  • ISO 27799 provides guidance for the health services sector.