ISO/IEC 27001

Information Technology
This is an international standard which provides the requirements for implementing an Information Security Management System (ISMS). The latter is a system which safeguards the physical and logical integrity of information regardless of the format – printed, electronic or intellectual – and the know-how of its users.

ISO/IEC 27001 pursues a twofold goal: on the one hand, it protects corporate data from threats of any type in order to guarantee the conservation, confidentiality and availability of said information, while on the other, it defines the aspects to be improved or adopted in order to create an ISMS which manages a company’s sensitive data in a faultless manner.

It is based on the process approach and on careful assessment of risks which make it possible to protect a wide variety of information, ranging from technological and operational to environmental and human resource-related information. Just like the relative ISO/IEC 1799 guideline, ISO/IEC 27001 can be applied to commercial and industrial organisations of any size and complexity, for example insurance companies and transport firms.