ISO/IEC 27001 standard: security for traditional IT systems

ISO/IEC 27001 is the leading international standard for the security of Information Technology (IT) systems. It describes the implementation of an Information Security Management System (ISMS) by providing clear requirements for planning, implementing, monitoring, and improving your information security. These requirements are generic and apply not only to private and public companies but also to non-profit institutions.

The starting point of an ISMS is a risk analysis of the situation in your organization. Based on the classified processes and data, the security risks identified for them, and the defined requirements and objectives, a customized security concept is implemented. The protection of your sensitive data and its simultaneous availability to authorized users and processes must be given equal weight.

ISO/IEC 27001 looks at your organization as a whole, including all hierarchical levels, departments and processes in the security-related assessment.

An ISMS that complies with ISO/IEC 27001 is not static; it is continuously adapted to changing conditions. It follows a Plan-Do-Check-Act (PDCA) cycle, which results in continuous improvement of the protection measures.


• Published/reviewed: 2024-12-09 • Revision 015 •