The formal title of this Standard is ‘Information technology – Security techniques – Information security management systems – Requirements’. From October 2013, it replaced the previous edition, ISO/IEC 27001:2005.
Including end pieces, this Standard is only 30 pages long. The core of the Standard is contained in the nine pages that set out the specifications for the design and implementation of an information security management system, and in the 13 pages of Annex A, which list the 114 individual controls that must, under the Standard, be considered for applicability.
The ISMS specification is contained in Clauses 4 to 10 of ISO27001.
The Standard’s contents (main clauses and annexes) are:
0. Introduction
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organisation
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
• Annex A: Reference control objectives and controls
• Bibliography