ISO 27001:2005

ISO/IEC 27001:2005 Information Technology – Security techniques – Specification for an Information Security Management System.

The standard covers all types of organizations (e.g. commercial enterprises, government agencies and non-profit organizations). It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall risk management process. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. It does not mandate specific information security controls.

The standard defines its ‘process approach’ as “The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management”. It employs the Plan-Do-Check-Act (PDCA) model to structure the processes.


ISO/IEC 20000

ISO/IEC 20000 is the first worldwide standard specifically aimed at IT Service Management. It describes an integrated set of management processes for the effective delivery of services to the business and its customers.

 

 
