Information Security Management Systems (ISMS) allow organizations to implement, maintain, and continually improve their information security. ISMS manages the security of assets such as financial information and intellectual property.
The ISO/IEC 27000 series of standards are designed to cover organizations of all sizes, industries and nature. Due to this, there are dozens of standards within it. Some choose to implement these standards to take advantage of the best practices they provide, while others prefer to become fully certified. Certification reassures customers that all requirements are being followed completely.
SCC uses the criteria in ISO/IEC 17021-1 and ISO/IEC 27006 to accredit certification bodies that assess and certify ISMS systems to the international standard ISO/IEC 27001.