ISO/IEC 27001, part of the growing ISO/IEC 27000 series of standards, is an Information Security Management System (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its full name is ISO/IEC 27001:2013 - Information technology - Security techniques - Information security management systems - Requirements, but it is commonly known as 'ISO 27001'.
ISO/IEC 27001 certification usually involves a three-stage audit process.
Stage 1: a "table top" review of the existence and completeness of key documentation such as the Statement of Applicability (SOA) and the Risk Treatment Plan (RTP).
Stage 2: a detailed, in-depth audit that tests the existence and effectiveness of the information security controls stated in the SOA and RTP, as well as their supporting documentation.
Stage 3: a follow-up reassessment audit to confirm that a previously certified organization remains in compliance with the standard. Certification maintenance involves periodic reviews and reassessments to confirm that the ISMS continues to operate as specified and intended.
ISO/IEC 27001:2013 covers all types of organization (e.g. commercial enterprises, government agencies, not-for-profit organizations). ISO/IEC 27001:2005 specified the requirements for establishing, implementing, operating, monitoring, reviewing and maintaining an ISMS within the context of the organization's overall business risk. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
ISO/IEC 27001:2013 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
ISO/IEC 27001:2013 is intended to be suitable for several different types of use, including the following: