ISO/IEC 27001:2005 Information Security Management

INFORMATION SECURITY MANAGEMENT


BSI provides assessment, certification and training services for ISO/IEC 27001
Overview
Information is critical to the operation
and, in extreme cases, to the survival of
your organization. Using an Information
Security Management System (ISMS) and
certifying it against the best practice
standard, ISO/IEC 27001, will help you to
manage and protect your information
assets.
ISO/IEC 27001 is based on, and replaces,
the internationally recognized British
Standard, BS 7799 and it aligns with other
international standards, including the
OECD guidelines for implementing
information security and the Code of
Practice standard, ISO/IEC 17799.

ISO/IEC 27001 defines the requirements
for an ISMS. The standard is designed to
ensure that you select adequate and
proportionate security controls which help
you to protect information assets and to
give confidence to interested parties
including your customers.

Who is it for?
ISO/IEC 27001 is suitable for any
organization, large or small, in any sector
or part of the world. The standard is
particularly suitable where the protection
of information is important to your
organization.

ISO/IEC 27001 is not an IT-only
standard; information is an
organizational asset. The standard
has no technology requirements,
although there are IT-related controls,
as the majority of information is held
on your IT systems.

ISO/IEC 27001 is also highly effective if
you manage information on behalf of
others. For example, if you are an IT
outsourcing organization, the standard
can be used to assure your customers that
their information is being properly
controlled and protected.

BENEFITS
A common framework
Provides a common framework enabling you to develop,
implement, and effectively measure information security
management practices.
A risk-based approach
Provides a risk-based approach to help plan and implement an
ISMS resulting in an appropriate and affordable level of
organizational security.
Structured and proactive
Provides a structured and proactive approach to establishing an
ISMS.
Asset protection
Ensures the right people, processes, procedures and technologies
are in place to protect information assets.
Independent assurance of controls
Demonstrates independent assurance of your internal controls
therefore meeting corporate governance and business continuity
requirements.

Information protection
Protects information in terms of confidentiality, integrity and
availability.
Independent demonstration
Independently demonstrates that applicable laws and regulations
are observed.
A competitive edge
Provides a competitive edge by meeting contractual requirements
and demonstrating to your customers that the security of their
information is paramount.
Independent verification
Independently verifies that your risks are properly identified,
assessed and managed, while formalizing information security
processes, procedures and documentation.
Facilitates continuous improvement
The regular assessment process helps you continually monitor
and improve your ISMS.

Assessment and Certification


BSI is independently accredited to certify
your organization to ISO/IEC 27001. Our
auditing capabilities are globally
recognized for providing a value-added
service. Our auditors are highly qualified,
full-time professionals with information
security expertise.

Training
We provide comprehensive
ISO/IEC 27001 training from a one-day
introductory course to implementation
and lead auditor courses. We offer
onsite training, e-learning, and public
training at a range of locations. For the
latest information visit:
www.bsiamericas.com/infosectraining

Standards and Publications


We offer a wide range of guidance
documents and support publications, as
well as the standard itself, to help you
through certification and beyond.
These items can be found online at:
www.bsiamericas.com/infosecurity

A BSI assessment provides independent
verification of your ISMS while enabling
you to benchmark your system against a
proven standard.

BSI SERVICES SUMMARY


ISO/IEC 27001 is the only
internationally accepted
auditable standard for
information security
management.

Information and guidance


Standards and publications
Customer events
Training: public, onsite and e-learning
Management systems: gap analysis, second party audits,
assessment, certification, continual assessment

For further information on BSI's
ISO/IEC 27001 services, visit
www.bsiamericas.com/infosecurity

Business improvement tools

BSI Management Systems


12110 Sunset Hills Road, Suite 200
Reston, VA 20190-5902
USA
Tel: 1 800 862 4977
Fax: 1 703 437 9001
Email: inquiry.msamericas@bsi-global.com
www.bsiamericas.com

BSI Management Systems Canada


6205 Airport Road, Suite 102
Mississauga, ON
L4V 1E1
Canada
Tel: 1 800 862 6752
Fax: 416 620 9911
Email: inquiry.canada@bsi-global.com

The BSI certification mark can be used on your stationery, literature
and vehicles when you have successfully achieved certification.

BSI Group:

Standards

Information

Training

Inspection

Testing

Assessment

Certification

BSI/USA/113/MS/0307/E

How can we help?