Background

ISO 27001 provides requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). The adoption of an ISMS is a strategic decision for an organization. The establishment and implementation of an ISMS is influenced by the organization’s needs and objectives, security requirements of interested parties, the processes used and the organizational size and structure maintained, all of which can change over time.

A sound ISMS and Statement of Accountability preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.