ISO 27001:2005 Information Security Management System (ISMS)

ISO 27001, titled "Information Security Management - Specification With Guidance for Use", is the replacement for BS7799-2. It is intended to provide the foundation for third party audit, and is 'harmonized' with other management standards, such as ISO 9001 and ISO 14001.

The basic objective of the standard is to help establish and maintain an effective information security management system, using a continual improvement approach. It implements the OECD (Organisation for Economic Co-operation and Development) principles governing the security of information systems and networks.

The Contents of the Standard
The broad content is of course similar to the old BS7799. It includes:
1. Cross reference with ISO 17799 controls
2. Use of PDCA (Plan-Do-Check-Act)
3. Information Security Management System
4. Terms and definitions

ISO 27001 Certification
As with BS7799-2, a robust audit and certification scheme supports the standard. For those already certified against BS7799, accredited certification bodies will establish transitional arrangements. More detail and explanation is available on our specific certification page.

The ISO 27000 Series
The final version of ISO 27001 was published in October 2005 to great fanfare. It should be noted, however, that this is in fact only the first of a series of standards to support information security. Having stated this, it may well be the most important, at least from a 'top down' perspective, as it defines the information security management system itself.

Requirements of a QMS:

  • Product description
  • Establishing policy
  • Planning
  • Implementation of plan and programme
  • Quality records and documentation
  • Management review


Benefits of a QMS:

  • Improves credibility and enhances customer confidence
  • Reduces the need for multiple assessments
  • Provides opportunity for continuous improvement through regular audits
  • Provides more avenues for trade in the global market