If your organisation takes information security seriously, it should run an ISO 27001-compliant information security management system (ISMS). An ISMS gives the organisation a structured way to manage its security controls, and to monitor, audit and continually improve them.
ISO 27001 is the international standard that specifies the requirements for an ISMS (its companion, ISO 27002, is the code of practice for the controls). The number of ISO 27001 certificates issued worldwide rose by about 20% in 2016, to more than 33,000.
So why are so many organisations adopting ISO 27001?
1. It protects and improves organisations’ reputations
Cyber attacks have grown more sophisticated over the past few years, and the financial and reputational damage they cause has grown with them. Almost every breach carries some of that cost; for an extreme example, look at the aftermath of the 2015 TalkTalk breach.
The telecoms company was fined £400,000 by the ICO after the personal data of nearly 157,000 customers was accessed, but the fine pales beside the wider damage: TalkTalk lost more than 100,000 customers, its share price roughly halved in the three months following the attack, and the combined cost of IT remediation, customer support and lost sales was reported at around £60 million.
Certification to ISO 27001 does not guarantee that an organisation will not suffer a cyber attack, but it reduces the likelihood of a successful one and the damage it can do.
2. It helps organisations avoid financial penalties
If an organisation certified to ISO 27001 is breached, regulators are less likely to impose heavy penalties. ISO 27001 is the recognised global benchmark for information security, so a current certificate is strong evidence that the organisation had a systematic, risk-based programme in place and was taking reasonable steps to prevent the attack, which regulators weigh when deciding on enforcement action.
3. It improves organisations’ structure and focus
When a business grows quickly, it is easy for confusion to spread about who is responsible for which information assets. ISO 27001 requires the organisation to define and communicate information security roles and responsibilities, and to assign an owner to each asset and each risk, which removes that ambiguity.
Assigning and communicating these roles matters because it is how employees learn what is expected of them, how their work affects information security and how they can contribute to it.
4. It reduces the need for frequent audits
Because ISO 27001 is so widely recognised, accredited certification often reduces the need for repeated customer audits: many customers will accept the certificate and the audit reports behind it in place of their own on-site assessment, cutting the number of external audit days the organisation has to host.
Become an ISO 27001 lead implementer
If you want to learn how to plan, implement and maintain an ISO 27001-compliant ISMS, enrol on our ISO 27001 Certified ISMS Lead Implementer course.
Developed by IT Governance's founders, Alan Calder and Steve Watkins, this fully accredited, practitioner-led course shows you how to deliver a successful compliance project. You will learn how to implement ISO 27001 in nine steps, and take part in group discussions, practical exercises and case studies.