
27 Sep 2021

ISO 27001 in UAE


What is ISO/IEC 27001?

ISO/IEC 27001 is the international standard for information security management. It specifies the requirements for an Information Security Management System (ISMS) - a framework that helps organizations that collect, process, store, or transmit information to establish, implement, operate, monitor, review, maintain, and continually improve their information security. It assures management and staff that information security risks are understood and managed.

ISO 27001 is not about choosing specific products such as firewalls or encryption tools; instead it helps an organization build and continually improve its own ISMS, selecting appropriate controls to manage the risks it faces.

Editions of ISO 27001

ISO/IEC 27001 was first published in 2005, revised in 2013, and most recently updated as ISO/IEC 27001:2022, the current edition. It is developed by the joint ISO/IEC committee ISO/IEC JTC 1/SC 27 (information security, cybersecurity and privacy protection).

The structure of ISO/IEC 27001:2022

ISO/IEC 27001:2022 has ten clauses. Clauses 1-3 are introductory (scope, normative references, terms). The requirements an organization must meet are in clauses 4-10:

  • Clause 4 - Context of the organization
  • Clause 5 - Leadership
  • Clause 6 - Planning (including information security risk assessment and treatment)
  • Clause 7 - Support
  • Clause 8 - Operation
  • Clause 9 - Performance evaluation
  • Clause 10 - Improvement

In addition, Annex A lists 93 information security controls grouped into four themes - organizational, people, physical, and technological (reduced and reorganized from the 114 controls in the 2013 edition). Organizations select applicable controls and document them in a Statement of Applicability.

The ISO 27000 family

ISO 27001 sits within the ISO/IEC 27000 family of information security standards. Key companions include:

  • ISO/IEC 27002 - guidance on implementing the Annex A controls (current edition 2022).
  • ISO/IEC 27003 - guidance on implementing an ISMS.
  • ISO/IEC 27004 - monitoring, measurement, analysis, and evaluation of an ISMS.
  • ISO/IEC 27005 - guidance on managing information security risks.
  • ISO/IEC 27006 - requirements for bodies that audit and certify ISMS.

For more information about ISO 27001, contact us or email enquiry@iascertification.com.
