ISO 27001 is an international information security standard for setting up and maintaining an information security management system (ISMS).
Its full name is ISO/IEC 27001:2005, and the standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS). It specifies requirements for the management of the implementation of security controls.
ISO 27001:2005 is intended to be used with ISO 17799:2005, a security code of practice, which offers specific security controls to select from.
ISO 27001 Resource Centre
This Internet resource provides information on: