The ISO/IEC 27001:2005 standard is the most widely used information security standard. Certification of an implementation of the ISO/IEC 27001:2005 standard is available through ISO-partners.
The standard covers the following subjects:
- Information technology
- Security techniques
- Information security management systems
ISO27001 describes the implementation and requirements of the Information Security Management System within organisations. It focuses on the management of information security, while the related standard, ISO27002:2007, provides a control framework for implementing security measures. Certification to ISO27001 usually means that the ISO27002:2007 framework has been used as a code of practice for implementation. Certification to ISO27002:2007 itself is not possible.