ISO 27001 is the international standard that describes best practices for an Information Security Management System (ISMS). It’s based on a set of controls and measures which organizations can use to achieve information security.
Interested in the ISO 27001 process? We have an entire ISO 27001 beginner’s guide to get you started.
The ISO 27001 standard requires that you have procedures in place to cover aspects of the ISMS, including:
- Information security risk management (What are the risks you face and how do you treat those risks?)
- Monitoring, measurement, analysis, and evaluation (How is the effectiveness of the information security management system evaluated?)
- Improvement (How are nonconformities evaluated and corrected?)
Read the full beginner’s guide here or drop your questions in this part of the community.