ISO/IEC 27001 - Business Directory
An information security management system according to ISO 27001 is a documented system demonstrating that the identified assets are protected, that information security risks are managed, and that measures are in place with the required level of assurance and are controlled. The aim is to reduce the risks arising from the analysis of the organization, and to have measures in place ensuring that tolerated risks continue to be managed and controlled. Assets include not only information occurring within the organization (customer, technology, financial flows, information on the organization's products / services, etc.), but also physical, tangible assets affecting the security of the organization as such (e.g. the organization's key regime, security and protection of the organization's objects, use of allocated items (PC, mobile), and so on).
The standard is highly compatible and adaptable, so it can be implemented in any type of organization (production, service provision, commerce, design and development of software, etc.). The standard equally takes into account the requirements of stakeholders, the external and internal context, and the demands of customers, owners and suppliers, which need to be incorporated into the internal control system.