ISO 27001 Request for Information
The ISO 27001 Standard
ISO/IEC 27001 is intended to be used together with ISO/IEC 27002, the code of practice for information security controls, which lists control objectives, controls, and implementation guidance. Organizations that implement their controls in accordance with ISO/IEC 27002 are likely to satisfy the Annex A control requirements of ISO/IEC 27001, although the management-system requirements in the main clauses of ISO/IEC 27001 (context, leadership, planning, support, operation, performance evaluation, and improvement) must still be met separately. ISO/IEC 27001 was the first published standard in a family of information security standards numbered in the 27000 series. They include:
- ISO/IEC 27000 – a vocabulary or glossary of terms used in the ISO 27000-series standards
- ISO/IEC 27002 – the code of practice
- ISO/IEC 27003 – the ISMS implementation guide
- ISO/IEC 27004 – the standard for information security measurement and metrics
- ISO/IEC 27005 – the standard for risk management
- ISO/IEC 27006 – the guide to the certification process
- ISO/IEC 27007 – the guide for information security auditing
- ISO/IEC 27010 – the guide for inter-sector and inter-organizational communications
- ISO/IEC 27011 – the guide for telecommunications organizations
- ISO/IEC 27019 – the guide for process control systems in the energy utility industry
- ISO/IEC 27799 – Health informatics – information security management in healthcare organizations
Control Objectives and Controls
In addition to the main clauses of the ISO/IEC 27001 standard, a reference set of control objectives and controls is listed in Annex A (the Annex A controls). Annex A controls are not automatically mandatory: the organization selects controls through its risk treatment process, compares the selected controls against Annex A to verify that nothing necessary has been omitted, and records each Annex A control, with a justification for its inclusion or exclusion, in the Statement of Applicability. Additional objectives and controls beyond Annex A may be necessary, depending on legal and regulatory, customer, and organizational requirements.