What is ISO27001?
ISO27001 is the International Standard for Information Security. It outlines an
auditable framework for a robust Information Security Management System (ISMS). It
recognises that information is a valuable asset of the business and, therefore, that
its confidentiality, integrity and availability are paramount.
Although obtaining ISO 27001 Certification does not guarantee that an organisation's
information is ‘secure’, it does mean that the organisation has engaged in activities
to identify and manage security risks, which reduces the likelihood of Information
Security breaches. There are many benefits for an organisation achieving ISO 27001
Certification: it provides increased ‘customer confidence’ as well as increasing the
confidence of suppliers, partners and stakeholders that the organisation's information
systems are secure; it demonstrates credibility; it demonstrates that relevant legislation
and regulations are being met; it demonstrates a commitment to Information Security
throughout the organisation, from the top down; and it may realise cost savings via
reduced security breaches.
‘Information’ includes that kept on computer systems or on paper, transmitted by post
or email, held on film, or exchanged in spoken conversations; in fact, any information
stored on whatever media. ISO 27001 aims to preserve the Confidentiality, Integrity
and Availability of information. The Standard itself contains many control objectives
and specified controls:
· Security Policy
· Organisational Security
· Asset Classification and Control
· Personnel Security
· Physical and Environmental Security
· Communications and Operations Management
· Access Control
· System Development and Maintenance
· Business Continuity Management
To implement an ISO 27001 Information Security Management System (ISMS), the
organisation must first define the Scope of the ISMS, i.e. the top-level aims and
objectives, and define an Information Policy. Secondly, the organisation needs to
define a method of security risk assessment, then identify the risks and assess them.
This will also aid in the identification of the security requirements. Finally, Controls
(which may be policies, practices, procedures, organisational structures and software
functions) need to be selected and implemented to monitor and manage the security
requirements and identified risks.
Once an organisation has carried out the above, it may engage an accredited external
auditor. The Auditor will review documentation including the ISO 27001 Scope, Security
Policy, risk assessments, risk treatment plan, Statement of Applicability, processes
and procedures. The Auditor will then attend the organisation's premises to check that
the implemented controls (practices, procedures etc.) are being followed.
Only after a successful ISO 27001 audit will the organisation be awarded Certification.
The Auditors will then visit once or twice per year to carry out ‘surveillance visits’,
ensuring the ISMS is being adhered to and continues to be effective.
Given that ISO Standards are based on the ‘Plan-Do-Check-Act’ cycle of continuous
improvement, it is rare for organisations not to receive some minor non-compliance