DIN Standards Committee Information Technology and IT Applications
DIN EN ISO/IEC 27001
Information technology - Security techniques - Information security management systems - Requirements (ISO/IEC 27001:2013 including Cor 1:2014 and Cor 2:2015); German version EN ISO/IEC 27001:2017
Informationstechnik - Sicherheitsverfahren - Informationssicherheitsmanagementsysteme - Anforderungen (ISO/IEC 27001:2013 einschließlich Cor 1:2014 und Cor 2:2015); Deutsche Fassung EN ISO/IEC 27001:2017
Overview
This standard is applicable to all types of organizations (for example commercial enterprises, government agencies and non-profit organizations). It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system (ISMS) in the context of the organization's overall business risks. It also specifies requirements for implementing security controls tailored to the needs of the organization, or of parts of it. The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
Document: references other documents
Responsible national committee
NA 043-04-27-01 AK - Requirements, services and principles for IT Security management systems
Responsible European committee
CEN/CLC/JTC 13 - Cybersecurity and Data Protection
Responsible international committee
ISO/IEC JTC 1/SC 27/WG 1 - Information security management systems