Posted on 30 August 2016 - Hosting

ISO 27001 is the international standard for information security management. As such, it is the most relevant method of quality assessment for the hosting industry.
It provides a specification for an information security management system (ISMS), which is a systemic approach to managing and securing sensitive information.
This usually comprises a framework of policies and procedures relating to how that information is managed. This covers all aspects of the business’ risk management processes, including legal, technical and physical factors. People, processes and IT systems are all covered by the system.
The documentation for the standard states that it will "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system".
ISO 27001 contains 12 main sections that an applicant needs to address. They are:
As mentioned above, ISO 27001 is the closest thing to a quality assessment standard for web hosting-related activities. As such, it is also the closest thing to a quality assurance mark when looking for a new web host.
If your hosting company has achieved ISO 27001 certification, you know they are taking seriously the way they handle, store and secure your sensitive data.
The ISO 27001 documentation details a six-part planning process for companies seeking ISO 27001 certification. They are:
ISO 27001 is geared towards the constantly changing technological landscape. Continual improvement of the information security management system is one of the aspects of the standard that has to be documented within its policies and procedures.
The documentation confirms that an organisation's needs and objectives, security requirements, processes, size and structure are expected to change over time. The standard also covers management responsibility, internal audits, continual improvement, and corrective and preventive action.