ISO 27001 : Information Security Management System

Information is the key to growth and success of an organization. It is an important asset, valuable to an organization and hence needs to be suitably protected. Organizations have realized the importance of security and that it is vital to keep confidential business information secure. Sensitive and confidential information need to be protected in all ways. A certified Information Security Management System compliant to International Standard demonstrates that information is suitably protected. ISO has developed ISO 27001 standard in order to overcome the information security shortcomings in organizations. ISO 27001 is an Information Security Management System (ISMS) standard published in October 2005 by the International Organization for Standardization and International Electrotechnical Commission. The objective of the standard itself is to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System". Regarding its adoption, this should be a strategic decision. Further, "The design and implementation of an organization's ISMS is influenced by their needs and objectives, security requirements, the process employed and the size and structure of the organization".