This standard specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks, tailored to the needs of the organization. The requirements are generic so that they can be applied to all organizations regardless of type, size, or nature. For an organization to claim conformity to this standard, it must meet the requirements set forth in clauses 4 to 10; none of these requirements may be excluded.
KS X ISO/IEC 27001:2014 history
2019: KS X ISO/IEC 27001-2019 Information technology — Security techniques — Information security management systems — Requirements
2014: KS X ISO/IEC 27001:2014 Information technology — Security techniques — Information security management systems — Requirements
2006: KS X ISO/IEC 27001:2006 Information technology-Security techniques-Information security management systems-Requirements