ISO 27001 is the International Standard for Information Security and is one of the most popular process-based standards.
In this article, Lisa Dargan, Business Development Director at Ultima Risk Management (URM) provides a summary of its purpose, value and why it has been updated.
What is the Purpose of ISO 27001?
ISO 27001 provides a framework around which organisations of all sizes, and from different market sectors, can build a management system to protect one of their most important assets: information. Adopting a risk-based approach, ISO 27001 enables organisations to select suitable and proportionate controls for information held electronically, on paper or on other media. The information security management system (ISMS) incorporates ongoing management review and auditing activities to ensure that information security practices are appropriate, remain relevant and are continually improved. Certifying to ISO 27001 involves an external assessment of an organisation's ISMS by an accredited certification body.
Why is it so Popular?
Information is quite simply the lifeblood of every organisation, and it is absolutely critical that its confidentiality, integrity and availability (CIA) are protected. Achieving certification to ISO 27001 demonstrates not only that an organisation is meeting its own information security objectives, but also that it is complying with regulations and legislation, is aware of and takes seriously its responsibilities and, possibly most importantly, is meeting the expectations of its customers.
Why Has it Been Updated?
ISO 27001 has recently undergone a thorough revision process, with ISO 27001:2013 replacing the original 2005 version of the Standard. In addition to updating the controls to reflect current threats and technologies, there is an increased focus on the setting of information security objectives, metrics and measurement. However, one of the most fundamental changes is that ISO 27001 has been written using the high-level structure that is common to all new management system standards, thereby allowing easier integration with those Standards, e.g. ISO 9001.
Continuity Partner Summary
We are seeing increasing interest from smaller companies who are looking to either certify to ISO 27001 or work towards the standard. The main driver to embrace the ISO is to win new business from larger customers who mandate that all their suppliers are ISO 27001 certified. To find out more about ISO 27001, please Contact Us.