ISO Training FAQs - iCertWorks

ISO Training FAQs

Answers to your ISO Training Questions

What does ISO stand for?

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO standards are the result of collaboration and consensus among a group of more than 160 countries around the globe.

What is information?

Information is that which informs or resolves uncertainty. Information is a business asset that has a value to an organization and thus has to be protected. Information can be found in any form including:

  • Electronic - email, data stored, websites, etc.
  • Physical - paper files, CDs, photos, USB drives, etc.
  • Verbal - phone conversations, in-person conversations, meetings, etc.
  • Knowledge - employee knowledge (in their heads)

What is information security?

Information security is the process of protecting information assets against the loss of their confidentiality, integrity and availability (CIA); in other words, it is the preservation of CIA.

What is an Information Security Management System (ISMS)?

A framework of processes and procedures used to protect against the loss of confidentiality, integrity and availability (CIA) of information in any form.

What is ISO 27001?

ISO 27001 is the international standard that specifies the auditable requirements for an information security management system (ISMS). ISO 27001 has two main parts: Sections 4-10 and Annex A.

What is the ISO series of standards?

ISO standards are organized into series, each of which applies to a specific management system category. The ISO 27000 series of standards specifically addresses information security management systems (ISMS).

It is typically the first standard in each ISO series that contains the management system requirements. Thus, it is typically only the first standard in each series that is "certifiable", such as:

  • ISO 27001 = Information Security Management Systems (ISMS)
  • ISO 9001 = Quality Management Systems (QMS)
  • ISO 22301 = Business Continuity Management Systems (BCMS)

*All of the other standards in each ISO series are typically reference / guidance standards that support one or more of the management system requirements. Some commonly used ISO 27000 reference standards include:

  • ISO 27002 = reference / guidance for information security controls (code of practice)
  • ISO 27004 = reference / guidance for information security measurement
  • ISO 27005 = reference / guidance for risk assessment

*There are many more reference / guidance standards available in the 27000 series.

© 2024 iCertWorks LLC. All rights reserved.