Implementing an information security management system (ISMS) establishes a security system that protects the confidentiality, integrity and availability of information in the business information environment. An ISMS is a set of policies related to information system security.
ISO 27001 defines the security controls to be implemented, but the methods of implementing them depend primarily on the environment and requirements of the organization.
ISO 27001 concerns the security of data stored or transferred in all formats: printed, electronic, postal, audio-visual and verbal. It is applicable to companies of all sizes and to a single department of a company. Because the certificate requires an audit every year and recertification every third year, introducing ISO 27001 is a continuous process requiring constant monitoring and improvements.