Information for

Request for

Send us an email Microsoft Partner Network membership
Microsoft BizSpark Startup member
VMWare member
Valid XHTML 1.0 Transitional Valid CSS!

Postcode Anywhere

PayPal for Business

Home -> Guidelines & Standard -> ISO 27001
Outsourcing software development to China - CMS

ISO 27001 Standard

Information Security Management System (ISMS) certification standard.
Please check for updated information.

TISO 27001 is a detailed security standard and a comprehensive set of controls comprising best practices in information security. This standard was published in October 2005 as a replacement to the BS7799-2 standard. It is primarily referred to as the Information Security Management System (ISMS) certification standard. Organisations that seek to implement an ISMS are examined against ISO 27001.

There are 11 major controls in ISO 27001 that comprise best practices in information security including:

  • Security Policy
  • Organisation of Information Security
  • Asset Management
  • Human Resource Security
  • Physical and Environment Security
  • Communications and Operations Management
  • Access Control
  • Information Systems Acquisition, Development and Maintenance
  • Information Security Incident Management
  • Business Continuity Management
  • Compliance

ISO 27001 does not mandate specific processes and procedures nor define the implementation techniques for getting certified. Thus, companies being audited for ISO 27001 compliance deal with issues that plague companies that face regulatory audits, how to effectively get to a state of being compliant, and after the audit, the cost of effectively maintaining that known state. This is where Abstract Technology Ltd can offer the following benefits:

  • Quickly and professional gain visibility into your compliance status
  • Achieve, maintain and automate ISO 27001 compliance processes
  • Reduce risk of data breaches

ATL and ISO 27001

ATL's configuration control solution provides powerful configuration assessment and change auditing capabilities to allow organisations proactively assess their IT configurations to see how they measure up to ISO 27001. For configuration items that don't measure up, there is remediation guidance which walks you through getting those settings to the correct values. Once this known state has been achieved, ATL's change auditing solution monitors for changes that could affect compliance to your ISO 27001 policies, and maintains a known state of your IT infrastructure.

The standard itself is generic and can be applied to any system or product. 


Anyone that wants to introduce information security processes into a project or organisation.


Click here to access our contact form or send us an email at

Home | Contact us | Site map | Terms of use | Privacy | FSA Regulation | Money Laundering Policy| Resources | Newsletter subscription | FAQ
© 2004 - Abstract Technology Ltd. Online Payment Enabler & Offshore Outsourcing System Development