ISO 27001 Foundation EN D1 - EX 1

ISO/IEC 27001:2013 is structured in line with ISO 9001:2000

ISO/IEC 27002:2013 does not specify technology

ISO/IEC 27004:2016 provides guidelines intended to assist organizations in evaluating the information security performance and the effectiveness of an information security management system.

An ISMS is a part of the overall management system that operates, monitors, reviews, maintains and improves information security.

One of the best methods for reducing risks to the data of an organization is to implement a program that establishes an information security governance framework.

ISO/IEC 27001:2013 is a methodology that includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

Thanks to the integrated P-D-C-A approach, an ISMS produces, with the necessary actions and processes, the information security results that meet the requirements and expectations

Access Control (A.9) is one of the 12 control objectives of an ISMS, according to Annex A.

According to ISO/IEC 27001:2013, the four main steps in an ISMS implementation are: 1- Understanding organization’s needs, 2- implementing and operating controls and measures, 3- monitoring and reviewing performance of the ISMS, 4- continuously improving the ISMS

Information security responsibilities include establishing a set of business processes that will protect information assets regardless of how the information is formatted