ISO/IEC 27001:2005
Information security management systems
The ISO/IEC 27000 standards provide generally accepted good-practice guidance on Information Security Management Systems (ISMS) designed to protect the confidentiality, integrity and availability of the information content and information systems on which we all depend.
ISO/IEC 27000 consists of two parts:
- ISO/IEC 27001:2005 is the formal standard against which organizations may seek independent certification of their Information Security Management Systems.
- ISO/IEC 27002:2005 is the Code of Practice for information security.
The standard ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies and non-profit organizations).
It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization’s overall risk management processes.
It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.