The standard was previously known as BS 7799 and ISO 17799; the ISO 27001 (ISMS) standard was published in 2005 and re-released in 2013.
ISO 27001 is the British Standard for an Information Security Management System (ISMS). It is the only ISMS standard that is auditable to international standards.
Information is vital to every organisation and the standard provides an auditable method of monitoring, protecting and managing information and data systems.
Loss of data and information of any kind can, at the very least, be inconvenient to an organisation; at worst it can lead to its collapse.
ISO 27001 is suitable for all organisations worldwide, large or small, and across all business sectors.
By implementing a robust system to manage information within an organisation you will protect information assets to ensure continuity of business should damage or loss occur.
Loss or damage could be caused by natural disasters such as fire or flood, accidental loss or mismanagement, or corrupted or stolen data; the effects of any of these losses can have catastrophic consequences for organisations.
Data can be any information that an organisation processes or owns: electronically stored data, information transmitted by post or email, printed data, or information that individuals hold within the organisation.
By implementing ISO 27001 an organisation will identify the type of information that exists within the organisation and define the risks and threats. Systems, controls and procedures can then be set up to minimise the risk.
ISO 27001 provides a system for monitoring and maintaining:
Organisations that handle information on behalf of others can benefit greatly from being certified because they are able to show they have a process in place for continual monitoring and protection of third party data.
Gaining ISO 27001 certification will give your customers confidence in the knowledge that security risks have been assessed and minimised and that you have systems in place to protect and recover information quickly if there is a loss.
Implementing an information security management system will provide your organisation with a system that will help to eliminate or minimise the risk of a security breach that could have legal or business continuity implications.
An effective information security management system (ISMS) provides a management framework of policies and procedures that will keep your information secure, whatever the format.
A series of high-profile cases has shown how damaging it can be for an organisation when information gets into the wrong hands or into the public domain. By establishing and maintaining a documented system of controls and management, risks can be identified and reduced.
Achieving ISO 27001 certification shows that a business has:
ISO 27001 certification demonstrates that you have identified the risks, assessed the implications and put in place systemised controls to limit any damage to the organisation.
Benefits include:
Achieving ISO 27001 is not a guarantee that information breaches will never occur; however, by having a robust system in place, risks will be reduced and disruption and costs kept to a minimum.