top of page

ISO/IEC 27001 Information Security

Iinformation is critical to the operation and perhaps even the survival of your organization. Being certified to ISO/IEC 27001 will help you to manage and protect your valuable information assets.

ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls.

This helps you to protect your information assets and give confidence to any interested parties, especially your customers. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving your ISMS.

 

Who is it relevant to?

ISO/IEC 27001 is suitable for any organization, large or small, in any sector or part of the world. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors.

 

ISO/IEC 27001 is also highly effective for organizations which manage information on behalf of others, such as IT outsourcing companies: it can be used to assure customers that their information is being protected.

1. Gap Analysis & Planning:

 

  • Ensure you have the commitment of top management.
  • Define, with the authorization of top management, your company's information security policy.
  • Planning must be completed to establish a framework for identifying  gap assessments and the implementation of necessary control measures.
  • Legal obligations must be identified and understood, objectives set and a management programme for achieving them implemented; this entire process should be documented.

2. Implementation of IEC 27001:

  • Introducing performance, measuring and monitoring practices.
  • Establishing and documenting responsibility and authority for accidents, incidents, non-conformities, and corrective and preventative action.
  • Establishing a procedure for records and records management.
  • Auditing and assessing the performance of the management system.
  • Performing management reviews of the system at identified and defined intervals.

3. Internal Audit Process

4. Certification Audit Process

Certifying your ISMS against ISO/IEC 27001 can bring the following benefits to your organization:

  • Demonstrates the independent assurance Your internal controls and meets corporate governance and business continuity requirements
  • Independently demonstrates that applicable laws and regulations are observed
  • Provides a competitive edge by meeting contractual requirements and demonstrating to your customers that the security of their information is paramount
  • Independently verifies that your organizational risks are properly identified, assessed and managed, while formalizing information security processes, procedures and documentation
  • Proves your senior management’s commitment to the security of its information
  • The regular assessment process helps you to continually monitor your performance and improve

Note: these benefits are not realized by organizations who simply comply with ISO/IEC 27001 or the recommendations in the Code of Practice standard, ISO/IEC 17799

Overview
Benefits
Steps to certification
bottom of page