WHAT IS ISO 27001?
The standard was previously known as BS 7799 and ISO 17799 and the ISO 27001 (ISO27001) standard was published in October 2005.
ISO 27001 is the British Standard for an Information Security Management System (ISMS). It is the only (ISMS) that is auditable to international standards.
Information is vital to every organisation and the standard provides an auditable method of monitoring, protecting and managing information and data systems.
Loss of data and information of any kind can, at the very least, be inconvenient to an organisation, at worst it can lead to its collapse.
How will ISO 27001 help my organisation?
ISO 27001 is suitable for all organisations worldwide, large or small and across all business sectors.
By implementing a robust system to manage information within an organisation you will protect information assets to ensure continuity of business should damage or loss occur.
Loss or damage could be through a variety of causes; natural disasters such as fire or flood, accidental loss or mismanagement, corrupted or stolen, the effects of any of these losses can have catastrophic consequences for organisations.
Information can be data that an organisation processes or owns and this can be electronically stored data, information transmitted by post or email, printed data or information that individuals hold within your organisation.
By implementing ISO 27001 an organisation will identify the type of information within the organisation and define the risks and threats. You can then set up systems, controls and procedures to minimise the risk.
ISO 27001 provides a system for monitoring and maintaining:
- Confidentiality of information
- Availability of information
- Accuracy of information
Organisations that handle information on behalf of others can benefit greatly from being certified because they are able to show they have a process in place for continual monitoring and protection of third party data.
Gaining ISO 27001 certification will give your customers confidence in the knowledge that security risks have been assessed and minimised and that you have systems in place to protect and recover information quickly in the event of a loss of data.
A process of continual improvement will provide your organisation with the necessary management tools to monitor and improve the security of your valuable information.