ISO 27000

Information is the lifeblood of any organization. It is a valuable asset that must be protected, particularly given the growing importance of e-business and electronic communication. An Information Security Management System (ISMS) provides a systematic way to improve security, both within the organization and in its dealings with outside parties. Because information security is a success factor for any organization, the risks arising from loss of assets, system breakdowns, break-ins from outside, manipulation, and partial or complete loss or misuse of data (that is, of information) must be minimized. The results of the risk assessment that drives these decisions also feed into business continuity planning.

In October 2005, British Standard BS 7799 Part 2 was adopted by ISO, re-badged and published as the international standard ISO/IEC 27001:2005. ISO 27001 is the standard that specifies the requirements for implementing a management system for information security, and it is the standard against which organizations seek independent certification of their ISMS.

The information security controls from ISO/IEC 17799:2005 are listed in an annex to ISO 27001 (Annex A). Organizations adopting ISO 27001 are free to select whichever of these controls apply to their particular information security situation, and to exclude those that do not, provided the exclusions are justified. As with ISO 17799, the key to selecting applicable controls is a comprehensive assessment of the organization's information security risks. With the release of ISO 27001, BS 7799 Part 2 was withdrawn, just as BS 7799 Part 1 had earlier been withdrawn and replaced by ISO 17799. (ISO/IEC 17799 was itself renumbered ISO/IEC 27002 in 2007, bringing the controls catalogue into the 27000 family.)

Implementing an ISMS is especially important for organizations that depend on IT, such as BPO companies, software developers, banks, financial institutions, government bodies, and organizations implementing ERP systems.