What is EN ISO 27384: 2011 ?

EN ISO 27384: 2011 and EN ISO 27358: 2011 are both international standards developed by the International Organization for Standardization (ISO). These standards are designed to help organizations effectively manage information security risks and protect their information assets.

EN ISO 27384: 2011 is a comprehensive international standard that specifies the requirements and guidelines for the design, implementation, and maintenance of information systems in organizations. The standard aims to ensure the security, integrity, and confidentiality of sensitive information within an organization's IT infrastructure.

To effectively manage information security risks, EN ISO 27384: 2011 emphasizes the importance of adopting a risk-based approach. The standard encourages organizations to identify potential risks and implement appropriate controls to mitigate those risks. This approach ensures that information security measures are aligned with the organization's overall business objectives and priorities.

EN ISO 27358: 2011 is a professional technical standard that provides guidelines and requirements for the storage and management of electronic records. The standard focuses specifically on the principles and functional requirements for software used in electronic records management systems (ERMS).

The purpose of EN ISO 27358: 2011 is to ensure that electronic records are properly managed and preserved in a way that maintains their integrity, authenticity, and reliability. The standard sets out best practices for the design, implementation, and maintenance of ERMS, with the ultimate goal of facilitating the long-term preservation of electronic records.

In conclusion, EN ISO 27384: 2011 and EN ISO 27358: 2011 are two important international standards that can help organizations protect their information assets and effectively manage information security risks. By implementing the guidelines and recommendations outlined in these standards, organizations can ensure the security, integrity, and confidentiality of sensitive information and protect their information assets from various threats and vulnerabilities.