The ISO/IEC 27000 series, and more specifically ISO/IEC 27001:2005, is a quality assurance and documentation approach to ensuring that adequate and proportionate security controls are selected and in place to protect information assets. This standard specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It also covers implementation of customized security controls, compliance and maintenance by:
- Systematically examining and formulating security requirements and objectives, taking account of the threats, vulnerabilities and impacts as they relate to an organization's information security risks
- Designing and implementing a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable
- Adopting an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis
- Ensuring that security risks are cost-effectively managed
The ISO/IEC 27001:2005 standard provides an organization with a security process framework for the implementation, management and status evaluation of controls to ensure objectives are met. Praetorian Secure assists organizations with streamlining internal and external auditing to determine the degree of compliance, and provides a quality management approach to security that is sometimes required by vendors, suppliers and clients.