ISO/IEC 27001 – Information Security Management Standard (ISMS)
What is ISO 27001?
In order to ensure the continuity of your operations and the safety of your data and systems, the security of information systems and critical business information must be constantly and actively managed. Unprotected systems are vulnerable to many threats, including computer-assisted fraud, sabotage and viruses.
These threats can be internal or external, accidental or malicious. Breaches in information security can allow vital information to be accessed, stolen, corrupted or lost. It is crucial that every company puts appropriate controls and procedures in place to avoid such incidents.
The internationally recognized information security management system standard ISO 27001 (better known as ISO/IEC 27001) is suitable for any organization, large or small, in any sector or part of the world, where managing sensitive company information and keeping it secure from outsiders seeking that information is important. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors.
Benefits of ISO 27001 Certification
Gaining certification from Intercert demonstrates that the security of your information has been addressed, implemented and properly controlled. But the benefits don’t stop there:
- Customers, employees, and suppliers are confident in the knowledge that your management information and systems are secure.
- It demonstrates your active approach to this important new business threat.
- It can save your company money – even a single information security breach can involve significant expense.
- It establishes that relevant laws and regulations are being adhered to.
ISO 27001 contains a number of control objectives and controls. These include:
- Security policy
- Organizational security
- Asset classification and control
- Personnel security
- Physical and environmental security
- Communications and operations management
- Access control
- System development and maintenance
- Business continuity management