ISO 27001:2005 Specifications:
A lot of economic, social and technical benefits are gained with ISO certification:
- Management system of an organization should systematically analyze the risk involved in an organization’s information security considering the threats, vulnerabilities and its effects.
- Management System of an organization should plan and implement a reasonable and a complete risk management system as well as suite of information security controls to tackle the unacceptable risks that may occur, and
- A organization should acquire an overall management process to make sure that the information security controls continue to meet the organization’s information security needs continuously.
Technical security controls such as antivirus and firewalls are not normally audited in ISO/IEC 27001 certification auditsand its is is essentially presumed that the organization have acquired all mandatory information security controls since the overall ISMS is in place and is deemed adequate by satisfying the requirements of ISO/IEC 27001.