ISO 27001:2013 CERTIFICATION

ISO 27001 (formally known as ISO/IEC 27001:2013) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.

According to its documentation, ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system." ISO 27001 uses a topdown, risk-based approach and is technology-neutral. The specification defines a six-part planning process:

• Define a security policy.
• Define the scope of the ISMS.
• Ensure compliance with laws and regulations.
• Conduct a risk assessment.
• Definition of new information security management processes.
• Identification and clarification of existing information security management processes.
• Manage identified risks.