ANSI - American National Standards Institute

New International Standard on Information Security Management Systems

New York, Oct 27, 2005

A new international standard jointly published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) integrates the process-based approach of management system standards in a framework for companies to use in protecting the security of information from a variety of threats. ISO/IEC 27001:2005, Information technology – Security techniques – Information security management systems – Requirements, aims to combat information security flaws and prevent threats to ensure business continuity, minimize business damage and maximize return on investments and business opportunities.

"The publication of ISO/IEC 27001:2005 is a big event in the world of information security and the standard has been eagerly awaited," said Ted Humphreys, convenor of the working group responsible for managing the development of the standard. "It is a standard that all security-conscious organizations should look to implement."

Businesses of all sizes and in a wide range of commercial and industry sectors can implement the standard, which specifies a general framework for an organization to establish, implement, operate, monitor, review, maintain and improve an Information Security Management System (ISMS). The standard's developers state that implementing ISO/IEC 27001 will reassure customers and suppliers that information security is taken seriously within the organizations they deal with, because those organizations have state-of-the-art processes in place to deal with information security threats and issues.

The new standard forms a complementary pair with the recently revised ISO/IEC 17799:2005, Information technology – Security techniques – Code of practice for information security management, which describes the individual security controls that may be applied as part of the management system specified by ISO/IEC 27001. The new version of ISO/IEC 17799 addresses information security in its widest sense, providing best-practice guidelines and general principles for implementing, maintaining and managing information security in any organization that produces or uses information in any form.

ISO/IEC 27001:2005 is also the standard against which organizations can voluntarily seek independent certification of their information security management systems.
