ISO/IEC 27001:2013

This standard has been revised by ISO/IEC 27001:2022

Abstract

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

General information

Status
: Withdrawn

Publication date
: 2013-10
Edition
: 2

Number of pages
: 23
Technical Committee
: ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection
ICS
:
35.030 IT Security

03.100.70 Management systems

Life cycle

News

Hacker dressed in black and wearing a Guy Fawkes mask sits at a desk in a dark room, illuminated only up by the dim light of his laptop screen.

16 December 2020

Keeping an eye on information security

The standard for IS governance just updated.

A guy wearing a yellow t-shirt works from home using his dining room table as a desk

2 October 2020

Keeping cyberspace safe for 30 years

At a time when more of us are connected and working remotely than ever before, it’s good to know that there are people like SC 27 keeping our online activities secure with ISO standards.

High-angle view of two technicians talking in a server room.

27 January 2020

Guidance for information security management systems auditors just updated

Keeping sensitive company information and personal data safe and secure is not only essential for any business but a legal imperative. Many organizations do this with the help of an information security …

Shot of an unrecognizable man doing online shopping on his digital tablet and holding his credit card while being seated at a table.

6 August 2019

Tackling privacy information management head on: first International Standard just published

We are more connected than ever, bringing with it the joys, and risks, of our digital world. Cybersecurity is a growing concern, with attacks against business almost doubling over the last few years and …

Close up of the hands of a woman typing on a red lit laptop keyboard.

4 February 2019

Stronger data protection with updated guidelines on assessing information security controls

Software attacks, theft of intellectual property or sabotage are just some of the many information security risks that organizations face. And the consequences can be huge. Most organizations have controls …

Got a question?

Check out our FAQs

Customer care

+41 22 749 08 88

customerservice@iso.org

Opening hours:
Monday to Friday - 09:00-12:00, 14:00-17:00 (UTC+1)

Abstract

General information

People also bought

Life cycle

Previously

ISO/IEC 27001:2005

Now

ISO/IEC 27001:2013

Corrigenda / Amendments

ISO/IEC 27001:2013/Cor 1:2014

ISO/IEC 27001:2013/DAmd 1

ISO/IEC 27001:2013/Cor 2:2015

Revised by

ISO/IEC 27001:2022

Got a question?

Keep up to date with ISO

Abstract

General information

People also bought

Life cycle

Previously

ISO/IEC 27001:2005

Now

ISO/IEC 27001:2013

Corrigenda / Amendments

ISO/IEC 27001:2013/Cor 1:2014

ISO/IEC 27001:2013/DAmd 1

ISO/IEC 27001:2013/Cor 2:2015

Revised by

ISO/IEC 27001:2022

This may also interest you

News

Pages

Got a question?

Keep up to date with ISO