What is ISO 27001?
ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.
The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organisation.
ISO 27002 contains 12 main sections:
1. Risk assessment
2. Security policy
3. Organization of information security
4. Asset management
5. Human resources security
6. Physical and environmental security
7. Communications and operations management
8. Access control
9. Information systems acquisition, development and maintenance
10. Information security incident management
11. Business continuity management
12. Compliance
Benefits of ISO 27001:2013
Protecting your organisation’s information is critical for the successful management and smooth operation of your organisation. Achieving ISO 27001 will aid your organisation in managing and protecting your valuable data and information assets.By achieving certification to ISO 27001 your organisation will be able to reap numerous and consistent benefits including:
- Keeps confidential information secure
- Provides customers and stakeholders with confidence in how you manage risk
- Allows for secure exchange of information
- Helps you to comply with other regulations (e.g. SOX)
- Provide you with a competitive advantage
- Enhanced customer satisfaction that improves client retention
- Consistency in the delivery of your service or product
- Manages and minimises risk exposure
- Builds a culture of security
- Protects the company, assets, shareholders and directors
No comments:
Post a Comment