Die Norm ISO/IEC 27001 ist der internationale Standard für die Realisierung eines wirksamen und zertifizierfähigen Informationssicherheit-Managementsystems (ISMS) und bildet die strukturelle Basis zum Schutz von vertraulichen Daten, für die Sicherstellung ihrer Integrität sowie zur Verbesserung der Verfügbarkeit von Informationen.

Die nationale und europäische Aufarbeitung der Inhalte wird in der gleichnamigen DIN EN ISO/IEC 27001 vollzogen.

Contents

Foreword
Introduction

1 Scope

2 Normative references

3 Termsanddefinitions

4 Context of the organization

4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the information security management system
4.4 Information security management system

5 Leadership

5.1 Leadership and commitment
5.2 Policy
5.3 Organizational roles, responsibilities and authorities

6 Planning

6.1 Actions to address risks and opportunities
6.1.1 General
6.1.2 Information security risk assessment
6.1.3 Information security risk treatment
6.2 Information security objectives and planning to achieve them

7 Support

7.1 Resources
7.2 Competence
7.3 Awareness

7.4 Communication

7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information

8 Operation

8.1 Operational planning and control
8.2 Information security risk assessment
8.3 Information security risk treatment

9 Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.2.1 General
9.2.2 Internal audit programme
9.3 Management review
9.3.1 General
9.3.2 Management review inputs
9.3.3 Management review results

10 Improvement

10.1 Continual improvement
10.2 Nonconformity and corrective action

Annex A (normative) Information security controls reference
Bibliography