Before explaining ISO 27001, I'd like to talk about the ISMS.
ISMS stands for Information Security Management System. An ISMS describes and demonstrates an organisation's approach to information security: how its people, policies, controls and systems identify, and then address, the opportunities and threats surrounding its valuable information and the assets related to it.
Then comes ISO 27001, which is the international standard for an ISMS.
ISO/IEC 27001 is part of the ISO/IEC 27000 family of standards. The edition discussed here, ISO/IEC 27001:2013, was published in 2013 and received only minor technical corrigenda afterwards (a revised edition, ISO/IEC 27001:2022, has since been published). The standard is issued jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) through their joint subcommittee, ISO/IEC JTC 1/SC 27.
It was developed to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system. The specification defines a six-part planning process.
The specification also includes requirements for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. ISO/IEC 27001:2005 applied the Plan-Do-Check-Act (PDCA) cycle to all ISMS processes; the 2013 revision no longer mandates PDCA explicitly, instead adopting the common high-level structure shared with other ISO management system standards.