ISO/IEC 27001 Information security, cybersecurity and privacy protection — Information security management systems — Requirements
ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. ISO/IEC 27001 also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.
It is important that the information security management system is part of and integrated with the organization’s processes and overall management structure, and that information security is considered in the design of processes, information systems, and controls. It is expected that an information security management system implementation will be scaled in accordance with the needs of the organization.
ISO/IEC 27001:2022 Information Security, Cybersecurity And Privacy Protection – Information Security Management Systems – Requirements
ISO/IEC 27000 describes the overview and the vocabulary of information security management systems, referencing the information security management system family of standards (including ISO/IEC 27003, ISO/IEC 27004 and ISO/IEC 27005), with related terms and definitions.