ISO/IEC 27001:2013, Information technology — Security techniques — Information security management systems — Requirements.
ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
ISO/IEC 27001 applies the high-level structure, identical sub-clause titles, identical text, common terms, and core definitions defined in Annex SL of ISO/IEC Directives, Part 1, Consolidated ISO Supplement, and therefore maintains compatibility with other management system standards that have adopted the Annex SL.
This common approach defined in the Annex SL will be useful for those organizations that choose to operate a single management system that meets the requirements of two or more management system standards.