ISO/IEC 27001:2005

Information technology — Security techniques — Information security management systems — Requirements

WITHDRAWN

About this standard

Languages
English and French
Type
International Organization for Standardization (ISO)
Status
WITHDRAWN
Publication date
14 October 2005
Replaces
ISO/IEC FCD 24743
Replaced by
ISO/IEC 27001:2013
ICS Code
03.100.70 (Management systems)
35.030 (IT Security)
Withdrawn Date
Price
€ 68,25

Summary

ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for-profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.

ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.

ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following:

  • use within organizations to formulate security requirements and objectives
  • use within organizations as a way to ensure that security risks are cost effectively managed
  • use within organizations to ensure compliance with laws and regulations
  • use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met
  • definition of new information security management processes
  • identification and clarification of existing information security management processes
  • use by the management of organizations to determine the status of information security management activities
  • use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization
  • use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons
  • implementation of business-enabling information security
  • use by organizations to provide relevant information about information security to customers.