What is ISO/IEC 27000:2018?
Overview and Introduction
ISO/IEC 27000:2018 is the standard that describes the purpose of an Information Security Management System (ISMS). This standard is similar to other ISO standards such as ISO 9000 and ISO 14000, but rather than being specific to quality and environment, it is used to manage information security risks and controls within an organization. Bringing information security deliberately under explicit management control is a central principle throughout the ISO/IEC 27000 standards.
Information security, like many technical subjects, has a vast and growing terminology. ISO takes the time to define terminology so that organizations working to implement the standard understand, without confusion, the objectives and goals that lead to a well-functioning ISMS. As with ISO 9000 and ISO 14000, the base ‘000’ (27000) standard is intended to address this.