Who Does ISO 27001 Apply To?

The answer is that ISO 27001 is a management system standard suitable for organisations of every size and every sector, in every country. The standard is particularly relevant in areas where information protection carries high weight: finance, health, public sector, and IT.

We field a lot of questions about who ISO 27001 applies to, and the consultancy and certification we provide helps organisations get a clear answer. The certificate is also important for organisations that manage information on behalf of others, such as outsourced service providers: it is a way to give clients the assurance that their information is protected.

The first British standard in this area, BS 7799, was published in 1998. It was not an international standard. ISO 17799 followed as guidance on how to deliver information security well, but it was not a standard against which organisations could be certified. The old BS 7799 became, under its new name, ISO 27001, a complete international standard against which organisations can be certified.

The standard was prepared to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System (ISMS).

The ISMS standard covers every type of organisation: commercial enterprises, public bodies, and non-profit organisations. It sets out the requirements for establishing, implementing, monitoring, reviewing, maintaining, and improving a documented ISMS in the context of the organisation's overall business risks. It also sets out requirements for the implementation of security controls tailored to the needs of individual organisations or parties.

The ISMS is designed to protect information assets and to provide sufficient and proportionate security controls that give confidence to interested parties. With more than 18 years of experience, Sistem Patent Kalite, the certification and testing consultancy, is one of the leading names in Turkey for ISO certification and quality certification. You can reach us through our branches in Istanbul, Izmir, Ankara, Bursa, Adana, Antalya, Konya, Kayseri, and Eskisehir, or online.