ISO/IEC 27001:2005 sets out requirements and guidance for use. ISO 27001 is the only auditable international standard that defines the requirements for an Information Security Management System (ISMS). The standard was introduced to ensure that adequate security controls are implemented in the operation of an organisation.
The principal objective of ISO/IEC 27001 is to help establish, develop, maintain and continually improve an effective information security management system. It employs principles and controls to govern the security of information and network systems. This serves to minimise risk and ensures that security continues to meet necessary internal processes as well as customer and legal requirements.
The security controls are there to implement confidentiality and integrity and to ensure that working practices are in place to safeguard any data and information belonging to 'interested parties'. These include customers, employees, partners (suppliers) and the general public.
Organisations that operate without significant controls and protected systems are more vulnerable to fraud and viruses, security breaches and lost data, because critical information can be accessed without their permission.
An information security management system compliant with ISO/IEC 27001 can help demonstrate to customers and partners that the organisation takes information security seriously.
Is it relevant to your Company?
Yes, if your Company wants the benefits of:
- Competitive advantage – More Companies are asking for this information in tender requests, and such a standard gives them assurance that you have the relevant security controls in place for handling their data.
- Marketing your capabilities – You are able to market all your materials with evidence of this certification, which encourages potential partners and customers to work with you.
- Reduced business risk – Ensures satisfactory controls are in place to reduce the risk of any threats to security and to avoid any system weaknesses being abused.
- Business continuity and the safe recovery of any critical process within your Organisation.
- Legislation compliance – 27001 is a recommendation by the UK Data Protection Commissioner and can prove that you meet the requirements of the Data Protection Act 1998.
- Confidence in your abilities – Be self-assured that the security measures you are working within are equivalent to best industry practice.
ISO/IEC 27001 is suitable for any organization of any size in any sector. The standard is particularly popular where information protection is critical, such as in the finance, health, public and IT sectors (especially IT outsourcing companies).