The ISO 27001 standard encourages the adoption of a process approach to the implementation, operation, monitoring, re-examination, updating and improvement of a company’s information security management system. Annex A of the standard is ISO/IEC 27002.
The company must identify and manage a number of activities to ensure it is operating efficiently. Any activity involving the use of resources in such a way as to transform input elements into output elements may be considered as a process.
“The process approach” is the name given to the application of a process system within a company, as well as the identification, interactions and management of these processes.
The process approach for information security management system given in the standard highlights the importance of: