ISO/IEC 27001 – Information security


Standard UNI IEC ISO/IEC 27001 is the reference model for applying an Information Security Management System in public and private organisations of any type and size.
The ability to achieve security targets in line with the business needs of companies, each with its own outlook, depends on information governance: applying the management model allows the risks associated with the management of information assets to be identified and minimised.
The standard is particularly suited to cases where information protection is critical, such as the financial, public and IT sectors, and is an instrument for assuring the protection of clients' information through adequate levels of confidentiality, integrity and availability.
The Statement of Applicability (SOA) drawn up by the organisation is the basis for assessing the adequacy of the information security management level, the degree of knowledge and application within the organisation, and the correct identification of possible risks according to the principles and guidelines provided by ISO 31000 Risk Management.

Furthermore, standard ISO/IEC 27001 integrates effectively with other management systems, such as those relating to quality, environment, and health and safety, thanks also to the migration of standards towards a new, common structure called the High Level Structure (HLS).

ICIM is a certification body accredited by ACCREDIA to certify the Information Security Management System according to standard UNI IEC ISO/IEC 27001.

For further information: Edoardo Dossena (phone +39 02 72534259, e-mail