The standard was withdrawn by ISO. Certificates of compliance with this version are not valid after 31 October 2025.
The standard contains the requirements for information security management systems. It requires an assessment of the security risks to “information assets” and specific measures to ensure those assets’ availability, integrity, and confidentiality. “Information assets” means all information that an organisation holds: information about customers, contracts, suppliers, financial information, etc., whether on paper or in electronic form. The standard directs us to implement a system of measures to ensure that our information remains intact (i.e. no parts of it are missing because of theft, fire or deletion), that it is available when we need it, and that it remains confidential (it is not available to competitors, and the personal data of customers and users does not leak).