ISO/IEC 27001:2013 - Information Security Management System (ISMS)

ISO/IEC 27001 was published collaboratively by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) with the intent to help organisations mitigate the risk of privacy and data breaches. Information security breaches may result in the loss of millions, even billions of private organizational records and sensitive customer data. Companies are under intense global pressure to demonstrate they are effectively and competently safeguarding against data breaches. ISO/IEC 27001 is the standard that defines the requirements for planning, implementing, operating, monitoring, reviewing, maintaining and improving information security management systems.

ISO/IEC 27001:2013

The standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system in the context of the organisation. It also includes requirements for the evaluation and treatment of information security risks tailored to the needs of the organisation. The requirements set down in the standard are generic and intended to be applicable to all organisations, regardless of their type, size or nature.

The purpose of the standard is to protect data and information against a wide range of threats (unauthorised access, destruction and theft of data, interruption of service, computer viruses) in order to ensure business continuity. Having an effective information security management system means being equipped with a full range of security measures to safeguard the confidentiality, integrity and availability of data.

  • Confidentiality: so that all information is accessible only to authorised persons
  • Integrity: to prevent undue, accidental or fraudulent changes to information
  • Availability: to ensure that users can access data on the basis of their specific permission profiles within time-frames that are consistent with their operational needs.

The Benefits of ISO/IEC 27001 Certification

Information security management system certification helps organisations to:

  • ensure compliance with contractual and legislative requirements
  • enhance their credibility and visibility, safeguard their image and assets and facilitate information retrieval
  • manage the costs of security incidents
  • effectively target their investments in implementing security controls
  • ensure and provide evidence to stakeholders that the organisation has implemented all the necessary tools and technical and organisational measures to safeguard information security.