What is ISO 27005?
ISO/IEC 27005 “Information technology, Security techniques, Information security risk management” is an international information security risk management standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2018.
ISO is an independent, non-governmental international organization with a membership of 165 national standards bodies. Through its members, it brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant international standards that support innovation and provide solutions to global challenges.
ISO/IEC 27005 provides guidelines on systematically identifying, assessing, evaluating and treating information security risks. It aims to ensure that organizations manage their information security controls and other arrangements rationally, according to their information security risks. This standard supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security. For this reason, ISO/IEC 27005 should be implemented in combination with ISO/IEC 27001 and ISO/IEC 27002. This standard is applicable to all types of organizations.
This solution will help your organisation fulfill the requirements of ISO 27005 and, moreover, maintain compliance with this standard.