ISO 27001 Clause 3 Terms and definitions

Dec 19, 2023 by Maya G

Clause 3 of ISO 27001 provides a list of terms and definitions used in the standard. These terms and definitions are used throughout the document to ensure that there is a clear and consistent understanding of the concepts and requirements of the standard.

Here are some key terms and definitions from ISO 27001 Clause 3:

  1. Asset: Anything that has value to the organization, including information and information systems.
  2. Confidentiality: The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
  3. Integrity: The property that information is accurate and complete and that it has not been modified or destroyed in an unauthorized or accidental manner.
  4. Availability: The property of being accessible and usable upon demand by an authorized entity.
  5. Information security: Preservation of confidentiality, integrity, and availability of information.
  6. Information security management system (ISMS): A systematic approach to managing sensitive company information so that it remains secure.
  7. Risk: The likelihood of a threat exploiting a vulnerability and the resulting impact on an asset.
  8. Risk assessment: The process of identifying risks to the confidentiality, integrity, or availability of information and evaluating the potential impact of those risks.
  9. Risk treatment: The process of selecting and implementing measures to modify risk.
  10. Statement of applicability: A document that specifies the controls that an organization has implemented to address the risks identified during the risk assessment process.

By providing these terms and definitions, ISO 27001 ensures that there is a common understanding of the concepts and requirements used in the standard, enabling organizations to effectively implement an ISMS that addresses the risks to their information assets.
