
Why Is Iso 27000 Important for Organizations?

by Bhagya Shree - 05 Apr 2021, Monday

An organization's information must always be kept safe and out of the reach of hackers and thieves. The ISO 27000 family of standards is all about information security. This article explains it in further detail.

What do you mean by ISO 27000 series of standards?

The ISO 27000 series, also known as the ISO/IEC 27001 family of standards, is a series of best practices that help organizations improve their information security.


It is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It explains how to implement best-practice information security practices.

It sets out the requirements for an ISMS (Information Security Management System).

An ISMS is a systematic approach to risk management that addresses the three pillars of information security: people, process and technology.

The series contains 46 individual standards, including ISO 27000 itself, which provides an introduction to the family and clarifies key terms and definitions. You do not need a comprehensive understanding of ISO certification to see how this works, and some of the standards may not be suitable for your organization, but there are some that you should be familiar with.

What is ISO 27001?

The central standard in the ISO 27000 series is ISO 27001, which contains the requirements for an ISMS.

This is very important to take note of, as ISO/IEC 27001:2013 is the only standard in this series that organizations can be audited and certified against.

The main reason for this is that it covers every point needed to achieve compliance, which is expanded on in the following standards.

ISO 27002

Next comes the supplementary standard, which provides an overview of the information security controls that organizations might choose to implement.

Organizations should adopt the controls according to their relevance, which a risk assessment helps to determine.

The controls are listed in Annex A of ISO 27001, but that is only a quick rundown. The more comprehensive overview, explaining how each control works, what its objective is and how it can be implemented, is given in ISO 27002.


What is ISO 27017 and ISO 27018?

These are also supplementary ISO standards, published in 2015. They explain the procedure an organization should follow to protect sensitive information in the cloud.

As organizations have been moving their sensitive information to online servers, these standards have become more important.

In general, ISO 27017 is a code of practice that explains how the controls in Annex A should be used so that information stored in the cloud is protected.

You can also choose to treat it as a separate set of controls under ISO 27001, so that you take certain controls from Annex A and a set of controls from ISO 27017 for data in the cloud.

ISO 27018 works in a similar fashion, but it gives extra consideration to personal data.

What is ISO 27701?

ISO 27701 is a new standard in the series explaining the steps organizations must follow when implementing a PIMS (Privacy Information Management System).

This standard was created in response to the General Data Protection Regulation (GDPR). It gives organizations guidance on adopting the proper technical and organizational measures for the protection of personal data, but it doesn