ISO 27001 in UAE
What is ISO/IEC 27001?
ISO/IEC 27001 is the international standard for information security. It specifies the requirements for an Information Security Management System (ISMS) - a framework that helps organizations that collect, process, store, or transmit information to establish, implement, operate, monitor, review, maintain, and continually improve their information security. It assures management and staff that information security risks are understood and managed.
ISO 27001 is not about choosing specific products such as firewalls or encryption tools; instead it helps an organization build and continually improve its own ISMS, selecting appropriate controls to manage the risks it faces.
Editions of ISO 27001
ISO/IEC 27001 was first published in 2005, revised in 2013, and most recently updated as ISO/IEC 27001:2022, the current edition. It is developed by the joint ISO/IEC committee ISO/IEC JTC 1/SC 27 (information security, cybersecurity and privacy protection).
The structure of ISO/IEC 27001:2022
ISO/IEC 27001:2022 has ten clauses. Clauses 1-3 are introductory (scope, normative references, terms). The requirements an organization must meet are in clauses 4-10:
- Clause 4 - Context of the organization
- Clause 5 - Leadership
- Clause 6 - Planning (including information security risk assessment and treatment)
- Clause 7 - Support
- Clause 8 - Operation
- Clause 9 - Performance evaluation
- Clause 10 - Improvement
In addition, Annex A lists 93 information security controls grouped into four themes - organizational, people, physical, and technological (reduced and reorganized from the 114 controls in the 2013 edition). Organizations select applicable controls and document them in a Statement of Applicability.
The ISO 27000 family
ISO 27001 sits within the ISO/IEC 27000 family of information security standards. Key companions include:
- ISO/IEC 27002 - guidance on implementing the Annex A controls (current edition 2022).
- ISO/IEC 27003 - guidance on implementing an ISMS.
- ISO/IEC 27004 - monitoring, measurement, analysis, and evaluation of an ISMS.
- ISO/IEC 27005 - guidance on managing information security risks.
- ISO/IEC 27006 - requirements for bodies that audit and certify ISMS.
For more information about ISO 27001, contact us or email enquiry@iascertification.com.