ISO 27001 Principles

What are the three principles of information security in ISO/IEC 27001, also known as the CIA triad?

Confidentiality

  • → Meaning: Only the right people can access the information held by the organization.
  • ⚠ Risk example: Criminals get hold of your clients’ login details and sell them on the Darknet.

Information integrity

  • → Meaning: Data that the organization uses to pursue its business or keeps safe for others is reliably stored and not erased or damaged.
  • ⚠ Risk example: A staff member accidentally deletes a row in a file during processing.

Availability of data

  • → Meaning: The organization and its clients can access the information whenever it is necessary so that business purposes and customer expectations are satisfied.
  • ⚠ Risk example: Your enterprise database goes offline because of server problems and insufficient backup.

An information security management system that meets the requirements of ISO/IEC 27001 preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.