Two and a half years ago I started working for IT Governance. Back then, coming from an entertainment and leisure background, I had no idea what ISO 27001 was. Now – I’d like to think – I have a pretty good understanding of this information security standard.
Make no mistake, ISO 27001 can seem difficult to get your head around. However you’ve come to hear about the standard – whether it’s because you’re being asked to improve information security, it’s being requested contractually or you’re developing an enterprise management system – hopefully this bite-size guide will help.
ISO 27001 and information security management systems
ISO 27001 is the international standard that describes the best-practice specification for an information security management system (ISMS). So what’s an ISMS, I hear you ask? Well, an ISMS is a systematic approach for organisations to manage the confidentiality, integrity and availability (CIA) of their information assets. As part of an overall management system, an ISMS functions to protect, monitor and improve how information security is handled within an organisation.
It’s not all about software
Think about information or cyber security and most people will automatically think about software. Whilst software has a large part to play in helping organisations improve their information security, it fails to cover the people and process elements of keeping information safe. The best and most robust software in the world can easily be found wanting if there aren’t effective processes and well-trained staff in place. ISO 27001 covers information security in the context of physical data (files, USB sticks, laptops, building security), digital data (anything stored or processed digitally, including mobiles) and people.
Globally accepted certification
A certification programme exists for ISO 27001, providing the standard with a globally accepted status. ISO 27001 also requires a continual method of improvement, meaning that if you want to keep your ISO 27001 certificate you have to continually review and improve your ISMS. This is especially important as organisations embrace new processes, procedures and technology.
Show me the money
There are huge business benefits on offer for organisations who pursue ISO 27001 certification. From managing data more effectively and improving cyber security to meeting contractual obligations, ISO 27001 certification offers organisations a huge competitive advantage.
Information is the lifeblood
Modern organisations depend upon information, and in an ever more interconnected digital world that dependency will only increase. At the crux of ISO 27001 is providing proportionate measures to ensure the CIA of your information. ISO 27001 will help your organisation run more effectively by handling data more efficiently.
Please sir, can I have some more…
I hope this bite-size guide has given you a good overview of ISO 27001. If you want to learn more about ISO 27001 then why not:
Call us on 0845 070 17 50 to discuss your ISO 27001 requirements.