IT risk management

ISO 27001 IT security management standard

Guide

ISO 27001 is an international standard that describes best practices for information security management systems. It belongs to a 27000 family of standards, all of which aim to help keep your business' information assets secure.

ISO 27001 controls

The standard specifies controls that are key to maintaining security. These cover (amongst other things):

security policy - what an information security policy is, what it should cover and why your business should have one
organisational security - how you should manage information security in a business.
asset classification and control - eg how to audit and manage information itself, computers, software and services
staff security - eg training, responsibilities, vetting procedures, and response to incidents
physical and environmental security - eg keeping key locations secure as well as physical control of access to information and equipment
communications and operations management - secure operation of information processing facilities during day-to-day activities, especially computer networks
access control - right to use information and systems based on business and security needs, specifically controlling who can do what with your information resources
system development and maintenance - if you develop your own software, you will need to consider its design and maintenance to keep it secure and maintain information integrity
business continuity management - ie the maintenance of essential business activities during adverse conditions, from coping with major disasters to minor local issues
compliance - with relevant national and international laws

Like other ISO management system standards, you can certify your business to ISO/IEC 27001, but certification isn't mandatory.

You may choose to implement the standard in order to benefit from the best practice it contains, or you may wish to certify to reassure customers and clients that you follow information security management best practices.

See more on standards for best business practice.

Printer-friendly version

Actions

ISO 27001 information and benefits

NCSC: Risk management guide

Invest NI's ICT support for business

Also on this site

Make best use of standards

Quality management standards

Best practice in business

Guides
- Find guides by sector
- Find guides by theme
  - Starting a business
    - Before you start your business
      - Considering starting a business
      - Start-up business ideas
    - Start your business
    - Running your start-up business
    - Grow your start-up business
      - Trade with other countries
      - Take steps to grow your business
  - Finance
    - Find local finance
      - Northern Ireland business support finder
    - Raising finance
    - Managing finance
    - Financial difficulty
      - Managing financial difficulty
  - Taxes
    - Business tax
    - Self-employed and tax
      - Setting up as self-employed and tax
      - Help and support for the self-employed
    - PAYE and payroll
      - PAYE and payroll for employers
    - Keeping records for business
      - Record-keeping
    - Excise duties
    - Industry-specific taxes
    - Complying with European law
    - Contact or deal with HM Revenue & Customs (HMRC)
    - Companies House returns, accounts and other responsibilities
    - Business changes
      - Making changes to your business
    - Selling, closing or restarting your business
    - Accountants and tax advisers
  - Employment and skills
    - HR documents and templates
    - Recruitment
    - Employment documents and policies
      - Staff documents and employment policies
    - Pay, pensions and minimum wage
    - Manage people
    - Holidays, statutory leave and time off
      - Holiday, other leave and sickness
      - Maternity, paternity, adoption and parental leave
    - Performance, training and development
    - Resolve conflict and staff leaving
      - Problems at work
      - Dismissals and staff leaving
  - Health and safety
    - Coronavirus (COVID-19): Staying safe at work
    - Health and safety basics
      - Protecting your business
    - Health and safety made simple
    - Make your business safer
      - Managing the welfare of people
      - Safer ways of working
  - Efficiency and environment
    - Environmental action to improve your business
    - Reduce, reuse, recycle your business waste
    - Resource efficiency
    - Reducing your environmental impact
    - Environmental guidance by business sector
  - Business premises and rates
    - Choosing the right business property
    - Rates for non-domestic properties
      - Business rates
    - Property management and costs
    - Adapting and improving your property
      - Make your property more efficient
      - Disabled access and facilities in business premises
  - Innovation and R&D
    - Product and service development
      - Developing products and services
      - Research and development
    - Design and business innovation
      - Use innovation in your business
      - Design for business success
    - Intellectual property
      - Intellectual property for business
      - Patents, trade marks, copyright and design
  - Sales and marketing
    - Business contracts and fair competition
    - Consumer rights and protection
    - Marketing your business
    - Product safety
    - Sales laws
    - Know your customers
    - Maximise your sales
  - IT
    - IT basics
      - Introduction to IT
      - Choosing suppliers
    - Software and technology solutions
      - Software and business applications
      - Communications
    - Getting online
      - Create and manage a website
      - E-commerce
    - Security and data protection
      - Data protection and legal issues
      - IT security and risks
  - Exporting and importing
    - Basics of importing and exporting
    - Choosing a market
      - Doing business in the EU
      - Trading with countries outside the EU
    - Procedures and licences
    - Sector overviews and regulations
    - Moving your goods
    - Customs declarations
      - National Clearance Hub
  - Grow your business
    - Prepare for growth
      - Assessing current performance
      - Planning business growth
    - Strategies for growth
    - Finance and logistics
      - How to grow your business
      - Financing growth
    - Managing growth
      - Leading staff through growth
      - Manage business risks
  - Buy or sell a business
    - Acquiring a business
    - Selling your business
    - Exiting and transferring your business
      - Businesses in difficulty
      - Transferring your business
Resources
News
Events