Why is ISO 27001 – 2013 ISMS?

ISO/IEC 27001, part of the ISO/IEC 27000 family of standards, is an Information Security Management System (ISMS) standard republished in 2013 by the International Organization for Standardization (ISO) and the International Electro technical Commission (IEC).

ISO/IEC 27001 formally states a management system that is intended to carry information security under clear management control. As organizations have a numbers of information security controls and without a proper management system, the controls may be disorganized and disjointed.

The security controls in operation typically address certain aspects of IT or data security, specifically, leaving non-IT information assets (such as paperwork and proprietary knowledge) less well protected on the whole. Business continuity planning and physical security, for examples, may be managed quite independently of IT or information security while Human Resources practices may make little reference to the need to define and assign information security roles and responsibilities throughout the organization


ISO 27001:2005 helps organizations to implement information security management systems (ISMS) to deal with increasingly competitive markets and the security requirements of customers, both implicit and explicit.

To enable you respond to your customers’ and your partners’ needs, AFNOR Groupe offers ISO 27001:2005 certification.

Certification to ISO 27001 adds value to the measures taken to protect the assets of your customers, as well as your own.

Certification of an organization or a unit to ISO 27001 demonstrates its capacity to regularly identify the assets within its environment, define suitable protection measures and manage a coherent and effective information security system. Complemented by ISO 17799:2005 “Code of practice for information security management” and the July 2002 OECD guidelines, the ISO 27001 standard provides a framework for setting up, maintaining and improving a management system.

Based on the BS 7799-2 framework, ISO 27001 takes the BS requirements in their entirety and incorporates new security controls.
The 2005 version contains the following chapters:

  • – Information Security Management System,
  • – Management responsibility,
  • – Internal ISMS audits,
  • – Management Review,
  • – ISMS improvement,

…but also 39 control objectives and 133 controls.

Built with the Approach Process and PDCA Model, it acts as a tool for all sectors and companies, subjected to strong competition and specific customer requirements.

Moreover, ISO 27001 is naturally integrated in organizations using the principles of management standards such as ISO 9001, EN 9100, ISO 14001


  • It is a management tool aimed at reducing risk in your organization
  • It is proof to your customers and purchasers of the high level of security management
  • It is an improvement tool to set up a continuity plan for your operations
  • It is a way of complying with national and international laws,
    Your staff members are well-informed and Information security costs of your organization are managed

It is internationally recognized in all sectors, giving you access to new markets across the world.

ISO 27001/BS 7799 ISMS – FOR WHOM

Organizations of all business sectors wanting to systematically examine their information for risks and their protection needs.

Contact Us – We are looking forward to hearing from you!