DIN EN ISO/IEC 27001 Certifiation

The DIN EN ISO/IEC 27001:2017 standard specifies the requirements for the establishment, implementation, maintenance and continuous improvement of a documented information security management system, taking into account the context of an organization. In addition, the standard includes requirements for the assessment and treatment of information security risks according to the individual needs of the organization. Organizations of any kind (e.g. commercial enterprises, government organizations, non-profit organizations) can be certified according to ISO/IEC 27001:2017.

ISO/IEC 27001:2017 is applicable to various areas, in particular

• identification and definition of existing information security management processes
• formulation of information security requirements and objectives
• cost-efficient management of security risks
• ensuring compliance with laws and regulations
• as a process framework for the implementation and management of measures to ensure specific information security objectives
• definition of new information security management processes
• for use by internal and external auditors to determine the degree of implementation of guidelines and standards