ISO/IEC 27001 is a standard that specifies requirements for an Information Security Management System (ISMS). The standard has 10 domains or sections, which are:
Scope: This domain defines the boundaries and applicability of the ISMS, and identifies the assets that need to be protected.
Normative references: This domain lists the other standards and guidelines that are referenced in ISO 27001.
Terms and definitions: This domain provides definitions of key terms used in the standard.
Context of the organization: This domain requires organizations to identify their internal and external context, their interested parties, and their information security risk assessment methodology.
Leadership: This domain specifies the requirements for management commitment, policy, roles, responsibilities, and authorities for the ISMS.
Planning: This domain requires organizations to plan for risk assessment, risk treatment, risk acceptance, and risk communication.
Support: This domain covers the requirements for resources, competence, awareness, communication, and documentation of the ISMS.
Operation: This domain covers the requirements for operational planning and control, information security risk assessment, treatment, monitoring, and review.
Performance evaluation: This domain covers the requirements for monitoring, measurement, analysis, evaluation, and internal audit of the ISMS.
Improvement: This domain covers the requirements for nonconformity and corrective action, continual improvement, and management review of the ISMS.
These domains provide a comprehensive framework for designing, implementing, maintaining, and improving an ISMS in any organization. They help organizations to protect their valuable information assets from a wide range of threats and risks.