What does it mean when ISO 27001 references an ISMS? ISMS stands for Information Security Management System, a programmatic structure that allows you to build a security framework and set of controls specific to your organization. In other words, it’s a defined process for selecting custom security controls tailored to the risks your organization actually faces.
When applied correctly, ISO 27001 is very different in approach and methodology from popular industry frameworks such as PCI, HIPAA, or NIST, which provide a catalog of security controls against which you benchmark your organization as a best practice. The ISO 27001 ISMS instead guides you through a series of steps and processes to build and select security controls that are appropriate and right-sized for your organization.
The ISO 27001 ISMS represents a holistic process that includes a series of core documentation that frames and scopes the organizational approach to security.
The ISO 27001 ISMS encourages an organization to document the people, processes, and technologies in scope for its ISMS. The ISO 27001 framework provides the methodology, required documentation, and structure needed to select the correct security controls for your organization, so that they mitigate real security risks to the people, processes, and technology supporting your business.
When someone references the ISO 27001 ISMS, they’re referring to all of the work and documentation required to build out the complete information security management system and the population of controls under its management.
NuHarbor is a leading national cybersecurity services firm, supporting the diverse needs of hundreds of clients with clear, comprehensive, and outcome-based solutions. Our tenured, highly certified Security Advisory Team averages 10 years of compliance and information assurance experience. If you need assistance with ISO 27001, or any security framework, contact us today!
Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.