ISO 27001 Consultants | ISO 27001 Consulting | ISO 27001 Consultancy


Information Security Management System


About ISMS


ISO 27001 specifies a set of security requirements that an organization must follow and periodically review for continued suitability.
The main part of the standard, more precisely the mandatory clauses 4 to 8, contains the management part of the standard: these clauses prescribe the PDCA cycle (Plan-Do-Check-Act phases), including risk assessment and treatment, document control, records control, provision of resources, internal audit, management review, and corrective and preventive actions.

Risk Assessment


The risk assessment and treatment process is the main connection between clauses 4 to 8 and the controls defined in ISO 27001. Risk assessment is performed to determine the organisation's exposure to risk and the best way to manage it. It also helps the organization decide whether individual controls from ISO 27001 are necessary to reduce particular risks.



ISO/IEC 27001 Information security management systems - Requirements lists 133 controls, which incorporate the controls from ISO/IEC 17799:2005. The organization has to determine which controls are applicable and then define and manage those controls. The security aspects cover physical security, legal protection, human resources management, organizational issues, etc.

Requirements of ISO 27001

  •   Security policy
  •   Organization of information security
  •   Asset management
  •   Human resources security
  •   Physical and environmental security
  •   Communications and operations management
  •   Access control
  •   Information systems acquisition, development and maintenance
  •   Information security incident management
  •   Business continuity management
  •   Compliance

Benefits of Implementing ISMS

  •   Improved effectiveness of information security
  •   Market differentiation
  •   Provides confidence to trading partners, stakeholders, and customers (certification demonstrates 'due diligence')
  •   The only standard with global acceptance
  •   Potentially lower insurance premiums
  •   Compliance with mandates and laws (e.g., Data Protection Act, Communications Protection Act)
  •   Reduced liability arising from unimplemented or unenforced policies and procedures
  •   Senior management takes ownership of information security
  •   The standard covers IT as well as organization, personnel, and facilities

Other relevant Standards

ISO/IEC 27000 - Information security management systems: Overview and vocabulary
ISO/IEC 27001 - Information security management systems: Requirements
ISO/IEC 27002 - Code of practice for information security management
ISO/IEC 27003 - Information security management system implementation guidance
ISO/IEC 27004 - Information security management: Measurement
ISO/IEC 27005 - Information security risk management
ISO/IEC 27006 - Requirements for bodies providing audit and certification of information security management systems
ISO/IEC 27011 - Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
ISO/IEC 27031 - Guidelines for information and communications technology readiness for business continuity
ISO/IEC 27033-1 - Network security: Overview and concepts
ISO/IEC 27035 - Security incident management


To know more in detail, please write to us or call.


Matrix is present and active in ISO consulting and certification across India, including Chennai, Coimbatore, Bangalore, Mumbai, Kolkata, New Delhi, Hyderabad, Ahmedabad, Pune, Tamil Nadu, Kerala, Karnataka, and Andhra Pradesh.
Contact Us
No: 18, East Raja Street,
T.V.S. Nagar Main Road,
Padi, Chennai - 600050.

Cell : +91 9962590571
Tel : +91 44 42693624
Fax : +91 44 26162670
Copyright 2012, All rights reserved, matrix