ISO 27001


The ISO 27001 Standard is the standard that defines the requirements of an Information Security Management System.

The standard includes aspects related to logical, physical and organizational security.

Since most corporate data is stored on computer media and represents an asset of great value for the operation of the company, each organization must be able to guarantee the security of its data, especially in a globalized world where the IT risks caused by violations of data protection systems are constantly increasing. The goal of the ISO 27001 standard is to provide suitable requirements for the Company Information Security Management System to ensure that it is able to protect sensitive data and information from all kinds of threats , in order to ensure its integrity, confidentiality and availability.

The standard is applicable to organizations operating in the majority of commercial and industrial sectors, particularly in finance, insurance, services, transport and government sectors.

The structure of the ISO 27001 standard is in line with that of the ISO 9001 Quality Management System, with particular emphasis on the identification and analysis of risks, their evaluation and treatment, and finally their review and their after-treatment re-evaluation.

The method proposed by NeM for the achievement of the ISO 27001 certification is described in the section “THE PATH TO CERTIFICATION”