ISO 27001 is the International Standard for Information Security Management Systems (ISMS).
It is based largely on BS 7799, which had been in common use since 1995 for managing information security.
ISO 27001 provides the framework for a technology- and vendor-neutral management system that enables an organization to assure itself that its information security measures are effective. This includes the continued accessibility, confidentiality and integrity of its own information and that of its stakeholders, as well as legal compliance.
Implementation of ISO 27001 is an ideal response to legal requirements and potential security threats such as:
What are the benefits of certification?
- Customer satisfaction – by giving customers confidence that their personal information is protected and confidentiality upheld
- Business continuity – through management of risk, legal compliance and vigilance regarding future security issues and concerns
- Legal compliance – by understanding how statutory and regulatory requirements impact the organization and its customers
- Improved risk management – through a systematic framework for ensuring customer records, financial information and intellectual property are protected from loss, theft and damage
- Proven business credentials – through independent verification against recognized standards
- Ability to win more business – particularly where procurement specifications require certification as a condition to supply
So what does it mean?
Simply stated, ISO 27001 certification provides assurance that the security of customer data and services is actively and continuously monitored at executive level, and that this monitoring considers all applicable security requirements and the results of regular risk assessments when selecting appropriate security controls. Once in place, these controls are continually monitored through management reviews and internal audits for their effectiveness in meeting those requirements and in mitigating risk. A customer also gains confidence that each individual security control has been properly implemented as per the specification.