
Security Management

Category: Cyber Security Standards

The Information Security Management System (ISMS) family of standards, also known as the ISO/IEC 27000 family, is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to provide guidance on IT security policies and controls.


Specification


Information Asset Protection


Information Security Policies and Controls

The ISMS family of standards, a.k.a. the ISO/IEC 27000 series, provides recommendations on the management of information risks through IT security controls and procedures.

All information held and processed by an organization is subject to threats of attack, errors and vulnerabilities inherent in its use. Protecting information through defining, achieving, maintaining and improving information security effectively is essential to enable the organization to achieve its business and compliance objectives.

The series is deliberately broad in scope, covering more than just data confidentiality, integrity and privacy. It incorporates continuous feedback and improvement activities to respond to changes in threats, vulnerabilities and incident impacts.

To interrelate and coordinate information security activities, each organization needs to establish its information security policies, standards, recommendations and objectives, and achieve those objectives effectively by using a management system.

ISMS standards