ISO/IEC 27001:2005 - now ISO/IEC 27002:2013
ISO/IEC 27002:2013 implements effective information security management in compliance with organizational objectives and business requirements. (previously 27001)
It is a Risk-based specification designed to take care of information security aspects of corporate governance, protection of information assets, legal and contractual obligations as well as the wide range of threats to an organization’s information and communications technology (ICT) systems and business processes.” (re-number ISO/IEC 17799 as ISO/IEC 27002)
EnterpriseGRC Solutions implements ISO 27001 (now ISO 27002 ISMS) at all stages, specializing in rapid Statement of Applicability readiness and assuring an efficient and cost-effective certification process.