ISO 27003 Guidance

The ISO toolbox of information security standards has grown with the addition of the ISO 27003 guidance standard for the successful design and implementation of ISO 27001.

The ISO 27003:2010 standard is titled "Information technology – Security techniques – Information security management system implementation guidance". The new standard gives advice that will be useful for all types of security-conscious organizations, regardless of their size, complexity, and risk profile.

Information security is constantly in the news with identity theft, breaches in corporate financial records, and threats of cyber terrorism. An information security management system (ISMS) is a systematic approach to managing sensitive company information so it remains secure. It encompasses people, processes, and IT systems.

The successful design and implementation of an ISMS using ISO 27001:2005 will reassure customers and suppliers that the organizations they deal with take information security seriously, because those organizations have state-of-the-art processes in place to deal with information security threats and issues.

By using ISO 27003:2010, the organization will be able to develop a process for information security management, giving stakeholders the assurance that risks to information assets are continuously maintained within acceptable information security bounds as defined by the organization.

ISO 27003:2010 covers the process of ISMS specification and design, from inception to the production of implementation plans. It provides guidance on how to obtain management approval, and gives the concepts on how to design and plan the ISMS project to ensure its successful implementation.

ISO 27003:2010 is intended to be used in conjunction with ISO 27001:2005 and ISO 27002:2005. It is not intended to modify and/or reduce the requirements specified in either standard.

You can order ISO 27003:2010 from the ANSI Standards Store.