   Structure of ISMS (ISO 27001)
1. Information security management system
  - General requirements
  - Establishing and managing the ISMS
  - Documentation requirements
2. Management responsibility
  - Management commitment
  - Resource management
3. Internal ISMS audits
4. Management review of the ISMS
  - General
  - Review input
  - Review output
5. ISMS improvement
  - Continual improvement
  - Corrective action
  - Preventive action
 
Annex A Control objectives and controls
Annex B OECD principles and this International Standard
Annex C Correspondence between ISO 9001:2000, ISO 14001:2004 and this International Standard

 
   Major terms of ISMS (ISO 27001)
Information: Like other important business assets, an asset that has value to the organization and consequently requires suitable protection.
Confidentiality: Ensuring that information is accessible only to those authorized to have access.
Integrity: Safeguarding the accuracy and completeness of information and processing methods.
Availability: Ensuring that authorized users have access to information and associated assets when required.
Vulnerability: A weakness or loophole in an asset or control that a threat can exploit; a vulnerability by itself causes no harm.
Security Risk: The potential that a threat exploits a vulnerability and thereby causes damage to an asset or group of information assets.
Risk Assessment: Assessment of threats to, impacts on and vulnerabilities of information and information processing facilities, and the likelihood of their occurrence.
Risk Management: Process of identifying, controlling and minimizing or eliminating security risks that may affect information systems, at an acceptable cost.
ISMS: Information Security Management System.
   Necessity for ISMS (ISO 27001)
Growing dependency on information processing by information systems in every sector of society
Growing losses due to a lack of information system protection measures
Growing needs arising from environmental change, such as the development of information systems and the interconnection of open systems
Difficulty in effectively counteracting information risks due to the sophistication and diversification of electronic intrusions
Growing user requirements for information security
The possibility that a published international information security standard becomes an invisible technical barrier in international trade
   Overview of ISMS (ISO 27001)
An ISMS is a comprehensive set of controls that identifies and minimizes the threats to an organization's valuable information. The standard defines ISMS requirements such as development, establishment and documentation. It was first published by the UK Department of Trade and Industry in 1995 and revised in 1999. When the International Organization for Standardization (ISO) adopted it as an international standard in December 2000, it became the internationally recognized certification standard in the information security sector.