ISO/IEC 27001:2005

ISO/IEC 27001:2005

International Standard for the implementation of information security management system


The organizations, independently of their type and size:


  • Collect, analyze, store and transmit large amounts of information.

  • Recognize that information and related processes, systems, networks and people are important assets for the achievement of the organization’s goals.

  • Face a number of risks that may affect the assets’ operation.

  • Reduce the risks by applying information security control mechanisms.


All information kept and processed by an organization is subject to threats of attacks, faults, natural disasters (e.g. flood, fire, etc.) and to weaknesses inherent in their use. Information comprises resources that are of value to the organization and need adequate protection against loss of availability, confidentiality and integrity. The catalyst for business efficiency is the ability to provide timely accurate and complete information to authorized individuals who need it.

The protection of information assets through determination, achievement, maintenance and improvement of information security is of vital importance, in order for the organization to be able to achieve its goals, maintain and enhance its legal compliance and public image. 

These coordinated activities, which guide the application of appropriate control mechanisms and manage unacceptable safety information risks, are components of an information security management system.

A description model of the various components that are related to information security risk is shown in the figure below.




GEP, having implemented a significant number of similar projects, has the experience and expertise to effectively support any enterprise or organization in the development of an information security management system, in order to be certified, according to the requirements of the international standard ISO/IEC 27001:2005.