ISO 27001:2005 certification (Information Security Management System). It is the standard, which specifies requirements for implementation, establishment, operation, monitoring, research, maintenance and improvement of documented Information Security Management Systems (ISMS). It specifies requirements for establishment of a safety control, adapted according to needs of an organization. The organization declares the assurance of information security management system requirements by certification according to BS 7799-2 / ISO 27001:2005 certification.
ISO 27001 certification specifies the Plan-Do-Check-Act (PDCA) model for continual quality improvement. The PDCA cycle helps "the organization to know how far and how well it has progressed" and "influences the time and cost estimates to achieve compliance." ISMS as "a systematic approach to managing sensitive company information so that it remains secure. ISMS encompasses people, processes, and IT systems."
Information security is achieved by applying a suitable set of controls (policies, processes, procedures, organizational structures, and software and hardware functions).
ISO 27001 certification is suited to any organization that manages assets - data, people, software and intellectual property. This includes government departments (or their critical suppliers such as mailing houses, or data warehouses), energy Consultant s and utilities, banks, insurance companies and corporate across all sectors of the economy.