An Introduction To
Information, Network and Internet Security


Overview

Certification to ISO 27001 mandates the establishment and maintenance of a documented ISMS. Whilst an ISMS is not mandated for implementing adequate security using ISO 27002, it is seen as a 'good thing', as it focuses the application of information security on a defined scope and uses risk management to determine the appropriate level of information security to be implemented.

There are a number of steps to establishing the ISMS, and these are shown below together with the steps an organisation needs to take to progress from starting to implement ISO 27001 through to certification.

Figure 1 - Overview of ISO 27001 certification process

The ISMS reflects the organisation's approach to risk assessment and risk management, the level of risk that the organisation is willing to be exposed to and the controls to be implemented.



The Security Practitioner

An Introduction to Information Security