Compliance ISO 27001
Is Information Security Important?
Information is the key to success and growth for an organization. You do not want this happening to you…
- 15,000 hospital records found in a waste bin
- 30,000 passwords to Internet accounts published on the Internet
- 25 people from the development department moved to a competitor
- Banks pay millions to blackmailing crackers
- 300,000 account numbers stolen - some published on the WEB
Overview
ISO 27001 is a specification for the management of Information Security. It is applicable to all sectors of industry and commerce and not confined to information held on computers. It addresses the security of information in whatever form it is held.
The information may be printed or written on paper, stored electronically, transmitted by post or email, shown on films, or spoken in conversation. Whatever form the information takes, or means by which it is shared or stored, ISO 27001 helps an organization ensure it is always appropriately protected.
Information security can be characterized as the preservation of:
- Confidentiality - ensuring that access to information is appropriately authorized
- Integrity - safeguarding the accuracy and completeness of information and processing methods
- Availability - ensuring that authorized users have access to information when they need it
ISO 2700:2005 proposes measures for an efficient information security management framework. ISO 27001 helps an organization establish an information security management system (ISMS) and thus prepare for the audit.
ISO 27001 contains a number of control objectives and controls. These include:
- Information Security policy
- Organizational security
- Asset classification and control
- Personnel security
- Physical and environmental security
- Communications and operations management
- Access control
- System development and maintenance
- Security incident management
- Business continuity management
- Compliance
Our Approach
Our approach involves the following steps:
Benefits of Certification to ISO 27001
Obtaining a certificate from a third party certification body demonstrates that you have addressed, implemented and controlled the security of your information. But the benefits don’t stop there. Certification also:
- Comforts customers, employees, trading partners and stakeholders – in the knowledge that your management information and systems are secure.
- Demonstrates credibility and trust.
- Can lead to cost savings. Even a single information security breach can involve significant costs.
- Establishes that relevant laws and regulations are being met.
- Ensures that a commitment to Information Security exists at all levels throughout an organization.
