
ISO 27001

ISO/IEC 27001 is a management standard that focuses on information security. ISO/IEC 27001 defines the conditions for the formation, implementation, monitoring and appraisal, maintenance and enhancement of a management system for managing an organization’s information security risk. The purpose of ISO/IEC 27001 is to provide formal specifications that bring information security under categorical management control. Organizations that implement ISO/IEC 27001 can undergo a formal audit by an accrediting organization and be certified as compliant with ISO/IEC 27001.

Management control of information security is a necessity for sustainability and continuous improvement. An ISMS developed using ISO/IEC 27001 integrates “Plan-Do-Check-Act” sequences: for example, information security mitigating controls are continuously assessed and altered so that they evolve in line with changes in threats, vulnerabilities and the impact of information security disruptions.

ISO/IEC 27001 is appropriate for multiple uses, including, but not limited to:

  • To develop information security requirements and goals;
  • A means to confirm that security risks are managed in a cost-effective way;
  • To ensure compliance with legal obligations, laws, governing bodies and regulations;
  • A structured process approach to implement and manage controls which align with security goals;
  • Identification and improvement of current information security management processes;
  • To determine the status of information security management activities;
  • Use by internal and external auditors to validate the information security standards adopted by an organization and determine compliance with those standards.

Risk Management Studio and ISO/IEC 27001

RM Studio can be used by organizations with established information security management systems or by organizations looking to implement them with the goal of obtaining ISO/IEC 27001 certification.

For those organizations looking to implement or improve an information security management system, RM Studio can be used to perform the required risk assessment and to assist users in identifying assets, asset categories, and threats to the assets. RM Studio also provides users with an Implementation Guide based on ISO/IEC 27001 for mitigating risk and putting controls in place.

For organizations with established information security management systems, RM Studio can be used to perform a risk assessment and a gap analysis using ISO 27001 controls together with the information about the specific business entity entered by the users, as well as to develop a risk treatment plan. RM Studio’s tools simplify the process and remove the guesswork for its users.

Stiki’s ISO/IEC 27001 certification

Testimonials

The time-saving achieved with the incorporation of expert-knowledge within the tool is not to be under-estimated.

Myles Roberts
Project Manager
StatPro - London