Guide to Understanding ISO 27001 for Security Management

Best Practice Guide

Understanding the physical security controls outlined in the ISO 27001 standard

International standards prescribe baselines for securing assets, digital as well as physical. The ISO (International Organization for Standardization) 27001 standard for information security (IS) management systems, in particular, focuses on securing information assets, but it also specifies physical security controls. First, a little background: the ISO 27000 series is a family of IS management standards focused on Information Systems Management (ISM). Originally dubbed BS7799, ISO 27001 was eventually included in the set of ISO standards when the organization began adding ISMS standards.

What exactly does ISO 27001 define? The standard lays out methods and practices for implementing information security in organizations, providing flexible guidelines, targeted at companies of all sectors and sizes, for how those methods and practices should be implemented. The standard also aims to provide a means of enabling secure, reliable communication of security risk. Included in the standard are the requirements that an ISMS must fulfill in order to achieve certification. Those specifications are deliberately broad: specific requirements are not given in this generic standard because it is meant to apply to all businesses in all sectors. As with ISO standards in general, concrete requirements are left to individual companies to develop and implement; here, ISO 27001 provides supplementary guidelines.

What ISO 27001 outlines, instead, is the broad requirement for planning, implementing, operating, and continuously monitoring and improving a process-oriented ISMS. It calls on organizations to identify and assess risks, as well as to define control objectives (for physical security, among other matters).
