The new standard ISO 27001:2013 (Information Technology – Security techniques – Information security management systems – Requirements) was published on 31 October 2013. The standard was previously known as BS 7799 and ISO 17799; the ISO 27001 (ISMS) standard was published in 2005 and re-released in 2013. ISO 27001 is the British Standard for an Information Security Management System (ISMS). It is the only ISMS that is auditable to international standards. An ISO 27001 certification ensures that your company information is secured under management control by providing a tailored system framework.
ISO 27001 promotes the security of information systems through quality system management. In a technology-led business world, control of private and confidential information stored and supplied through information systems is paramount to an organisation’s success.
ISO 27001 ensures that information security is brought under critical and established controls through formal specification of management systems and auditing. This international standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of an organization. The standard also includes the requirements for the assessment and treatment of information security risks tailored to the needs of the organization. Compliance with ISO 27001 certification is proof of independent verification that your Information Security Management System meets the international standard, confirming it is continually maintained and improved to keep up with new threats.
Any organisation, big or small, that holds sensitive information is a candidate for ISO 27001 certification. In particular, companies in the healthcare, finance, public, and IT sectors can benefit greatly from a certified information security management system.
• Ensure compliance with legal and regulatory requirements.
• Continually monitor your organisation’s performance.
• Independently verify that your organisational risks are properly identified, assessed and managed, while formalising information security processes, procedures and documentation.
• Demonstrate to your company’s stakeholders your commitment to implementing a high level of security and adhering to information security.
ISO 27001 can be applied to any size of business across all industry sectors. It is particularly important to companies whose information is sensitive and critical, such as IT, finance, health and public agencies, and those managing information on behalf of others.