ISMS

ISMS - Information Security Management Systems

Information is an asset, which, like other important business assets, adds value to an organization and consequently needs to be protected.  Information security protects information from a wide range of threats in order to ensure business continuity, minimize business damage and maximize return on investments and business opportunities.

The implementation of ISO/IEC 27001:2005 will reassure customers and suppliers that information security is taken seriously within the organizations they deal with because they have in place state-of-the-art processes to deal with information security threats and issues.

ISO/IEC 27001:2005 integrates the process-based approach of ISO's management system standards ISO9001:2000 and ISO 14001:2004 including the Plan-Do-Check-Act (PDCA) cycle and requirement for continual improvement.

ISO/IEC 27001:2005 can be used by a broad range of organizations small, medium, and large.  In most of the commercial and industrial market sector: finance and insurance, telecommunications, internet service provider, data centre, bank, airline, transportation, and manufacturing sectors.

Organization that so wish can have their information security management system independently certified as conforming to the requirements of ISO/IEC 27001:2005, although certification is not a requirement of the standard.