ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS).
Information is crucial to operations and maybe even to the survival of any organization. Certification according to ISO/IEC 27001 will help an organization manage and protect its valuable information assets.
The standard is designed to ensure the selection of adequate and balanced security controls. This helps the organization protect its information assets and inspire confidence in any interested parties, especially its customers.
The standard is based on the process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS.
ISO/IEC 27001 is suitable for all organizations, large or small, from any sector. It concerns especially organizations where the protection of information is crucial, such as in the finance, telecommunications, health, public and IT sectors.
ISO/IEC 27001 is also well suited to companies that manage information on behalf of others, such as IT outsourcing companies, and can serve as a guarantee to customers that their information is secure.
ISO/IEC 27001 benefits
Certifying an ISMS according to ISO/IEC 27001 requirements can give the following benefits to an organization:
- Proof, through an independent certification body, that internal monitoring takes place and meets the corporate goals and strategies
- Governance and business continuity requirements are met
- Applicable laws and regulations are complied with
- Provides a competitive edge by meeting contractual requirements and demonstrating to the organization’s customers that the security of their information is essential
- Proof from an independent source that the organizational risks are properly identified, evaluated and managed
- Proof of the existence of a formal and functional information security management system
- Proof of the organization’s senior management’s commitment to the security of its information
- Through the regular assessment process, it assists the organization in monitoring its performance and improving
- Proof that all information stored in, processed by, or communicated through information systems has value to the organization
ISO 27001:2005 uses risk assessment to provide a management system to:
- Maximize the availability of systems
- Provide assurance that the integrity of systems, processing and information is maintained
- Ensure that the confidentiality of information is preserved