Information technology — Security techniques — Information security management systems — Requirements
Organization's core business processes is supported are information systems. Any disruption in the information quality, quantity, distribution or relevance puts business at risk. Information is critical to the operation and perhaps even the survival of organization. Being certified to ISO 27001 will help us to manage and protect valuable information assets.
ISO 27001 is the only audit-able international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls.
This helps organization to protect information assets and give confidence to any interested parties, especially our customers. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving our ISMS. ISO 27001 covers twelve sections:
- Security Policy
- Organization of Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operations
- Access Control
- Information Systems Acquisition, Development and Maintenance
- Information Security Incident Management
- Business Continuity Management
Who is it relevant to? ISO 27001 is suitable for any organization, large or small, in any sector or part of the world. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors. ISO 27001 is also highly effective for organizations which manage information on behalf of others, such as IT outsourcing companies: it can be used to assure customers that their information is being protected. Benefits : Certifying ISMS against ISO 27001 can bring the following benefits to organization:
- Demonstrates the independent assurance of internal controls and meets corporate governance and business continuity requirements.
- Independently demonstrates that applicable laws and regulations are observed.
- Provides a competitive edge by meeting contractual requirements and demonstrating to organization's customers that the security of their information is paramount.
- Independently verifies that organizational risks are properly identified, assessed and managed, while formalizing information security processes, procedures and documentation
- Proves senior management's commitment to the security of its information.
- The regular assessment process helps to continually monitor performance, and improve.