This International Standard focuses on the critical aspects needed for successful design and implementation of an Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2005. It describes the process of ISMS specification and design from inception to the production of implementation plans. It describes the process of obtaining management approval to implement an ISMS, defines a project to implement an ISMS (referred to in this International Standard as the ISMS project), and provides guidance on how to plan the ISMS project, resulting in a final ISMS project implementation plan.This International Standard is intended to be used by or
DS/ISO/IEC 27003:2010 history
2010DS/ISO/IEC 27003:2010 Information technology - Security techniques - Information security management system implementation guidance