A key concern for today’s companies, which increasingly rely on information systems, is how to manage information and see to its protection. The ISO/IEC 27001 Information Security Management System (ISMS) standard addresses this very concern and covers preserving the confidentiality, integrity and availability of information.
The ISO/IEC 27001 standard will help to address all-too-common and often devastating business impacts such as glitches due to viruses, loss of information, improper disclosure and inability to retrieve information.
Benefits of Implementing ISO/IEC 27001
ISO/IEC 27001 provides countless benefits, both tangible and intangible. A typical organisation would enjoy the following:
a systematic approach to controlling its information system, with well-defined procedures and supporting documentation
the means to manage a key business risk and assure business continuity
correspondingly, a reduced number of information security glitches and breaches
the ability to attract and retain technical specialists in this field
and ultimately, improved confidence both internally and externally in the integrity and security of its information management
Is this an industry-specific standard? Can the Information Technology (IT) Department at my organisation implement this standard?
This standard is not an industry-specific standard per se, though most who implement it tend to be organisations in the business of information security or managing information. An IT or an Information Security (IS) Department in a manufacturing facility or a bank may find it useful as well to assure others that it has a system in place for information security.
Does the standard just apply to IT?
Information security is not just IT security. Information may exist in many other forms: written, printed, verbalised or in images. The underlying principle of this standard is that information in any form, by whichever means it is stored, shared or used, must always be appropriately protected.
The ISMS helps organisations carry out the day-to-day management of information in a systematic way and improve the protection of this crucial resource in all organisations, i.e. information.