ISO/IEC 27001

An ISO/IEC 27001 certificate shows that your Information Security Management System (ISMS) has been audited against a best-practice standard and found to comply with it. Issued by an accredited third-party certification body (registrar), the certificate gives customers and partners independent evidence that you have taken the necessary precautions to protect sensitive information against unauthorised access and modification.

The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organisation’s Information Security Management System.

ISO/IEC 27001 is published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) and is the standard against which an ISMS is certified. It replaces BS 7799-2 as the international ISMS certification standard. While based on BS 7799, it has been reorganised to align with other international management system standards, and some new controls have been added, notably an emphasis on information security incident management and alignment with the OECD security principles.

The standard also draws upon other standards that provide guidance for implementing information security: ISO/IEC 17799:2005 (the code of practice for information security controls, renumbered ISO/IEC 27002 in 2007), ISO/IEC 13335-1:2004, ISO/IEC TR 13335-3:1998, ISO/IEC TR 13335-4:2000, ISO/IEC TR 18044:2004 and the “OECD Guidelines for the Security of Information Systems and Networks – Towards a Culture of Security”.

Protecting your assets
The standard takes a comprehensive approach to information security. The assets that need protection range from digital information, paper documents and physical assets (computers and networks) to the knowledge held by individual employees. The issues you have to address therefore range from staff competence and awareness to technical protection against computer fraud.

ISO/IEC 27001 will help you protect your information in terms of:

  • Confidentiality ensures that information is accessible only to those authorised to have access.

  • Integrity safeguards the accuracy and completeness of information and processing methods.

  • Availability ensures that authorised users have access to information and associated assets when required.

In line with other management system standards
ISO/IEC 27001 is aligned with other management systems, and supports consistent and integrated implementation and operation with related management standards. The result is:

  • Harmonisation with management system standards like ISO 9001 and ISO 14001.

  • Emphasis on continual process improvement of your information security management system.

  • Clarification of requirements for documentation and records.

  • Risk assessment and risk treatment processes embedded in a Plan, Do, Check, Act (PDCA) cycle, so that the ISMS is planned, operated, monitored and improved on a continual basis.

Where do I go from here?
For third-party certification, you need to implement an effective Information Security Management System that complies with the requirements of the standard and then have it audited by a certification body. The first step is to get on the road to certification.

© 2009 Det Norske Veritas