With the EU General Data Protection Regulation (GDPR)’s compliance deadline looming, any organisation that processes EU residents’ data will likely be investigating implementation options to help tackle its compliance project, if it hasn’t already done so.
Supervisory authorities such as the ICO have highlighted ISO 27001, the international standard that describes best practice for an information security management system (ISMS), as a way to provide assurance that appropriate technical and organisational measures to prevent a data breach are in place.
How ISO 27001 helps achieve GDPR compliance
An ISMS is a set of policies, procedures and processes that manage information risks such as cyber attacks, hacks, data leaks or theft.
Implementing an ISO 27001-compliant ISMS is not only information security best practice but also strong evidence that the technical and organisational measures the GDPR expects are in place, which is central to demonstrating data protection compliance.
Article 32 of the GDPR requires controllers and processors to implement appropriate technical and organisational measures, including, as appropriate:
- Pseudonymisation and encryption of personal data;
- The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- The ability to restore the availability of, and access to, personal data in a timely manner in the event of a physical or technical incident; and
- A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of processing.
Article 32 further requires the risks presented by processing, in particular those arising “from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data”, to be taken into account when deciding what level of security is appropriate.
By following ISO 27001, you will select and implement security controls based on the outcomes of a formal information security risk assessment and risk treatment plan (Clauses 6.1.2 and 6.1.3 of the standard), which is exactly the risk-based approach Article 32 calls for. Note that ISO 27001 addresses the security of processing; it does not by itself cover the GDPR’s other obligations, such as lawful basis, transparency and data subject rights, so an ISMS is evidence of appropriate security measures rather than proof of GDPR compliance as a whole.
Benefits of an ISO 27001-compliant ISMS
Implementing an ISO 27001 ISMS can help your organisation:
- Win new business and retain existing customers;
- Avoid financial penalties and losses associated with data breaches;
- Protect and enhance your reputation; and
- Comply with business, legal, contractual and regulatory requirements, including the GDPR and the Directive on security of network and information systems (NIS Directive).
Successfully implement an ISO 27001 ISMS
April’s book of the month is the definitive compliance guide, covering all aspects of data protection and information security to help organisations successfully implement an ISO 27001-compliant ISMS.
An international bestseller now in its sixth edition, IT Governance – An International Guide to Data Security and ISO27001/ISO27002 provides best-practice guidance from ISO 27001 experts that demonstrates how to:
- Protect and enhance your organisation’s defences with an ISO 27001-compliant ISMS;
- Implement a robust governance system that covers all aspects of data protection and information security; and
- Defend your organisation against sophisticated and persistent cyber threats.