Where does ISO/IEC 27001 fits

ISO 27001 is a part of the bigger ISO/IEC 27000 family of standards – Information security management systems. The ISO/IEC 27000 family of standards assists commercial and governmental organizations in keeping their information assets secure.

Usage of the ISO 27000 family of standards helps the organization manage the security of various assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.

ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).

The last version of ISO 27001 is from few years ago – 2013m thus the naming convention of the current one is ISO/IEC 27001:2013.

It describes the best practices for information security management system and its purpose is to protect the confidentiality, integrity and availability of the information in a company. This is being addressed by discovering potential problems related to the information (i.e., risk assessment), and then defining what must be done in order to prevent those problems from happening.

Therefore, the main philosophy of ISO 27001 is based on managing risks: find out where the risks are, and then systematically treat them via applying proper control measures.