ISO/IEC 27000:2013, Information security management system, helps organizations of any kind to understand the fundamentals, principles and concepts that allow them to improve their information assets management.
The purpose of this standard is to provide a model to establish, implement, operate, track, review, maintain and improve an information security management system. Adopting it should be a strategic decision. The ISMS design and implementation is determined by the needs and goals of the organization, its security requirements, processes used and its size and structure.
ENAXIS (formerly ISOKEY) provides the following modules for the implementation of information security management systems:
- Risk analysis
- Document control
- Non-conformities / Corrective and preventive actions