ISO IEC 27001
After its people, the most important asset a company has is its information: customers, systems, procedures, products, transactions, and so on. The perceived value of information technology, combined with the recent breaches reported in the press, highlights the need for quality protection. To ensure continuity of your operations, whatever events you face day to day, the security of your IT and of your critical business information is paramount, and you must actively monitor and manage it.
Your company is constantly under threat: from internal sabotage or external hacking, from accidental virus infections or data leaks. You must be prepared on all fronts, while an attacker only needs to find ONE vulnerability to exploit. A security breach can have dramatic consequences for your company’s future: vital information can disappear or be corrupted. You MUST have procedures and systems to prevent this, as well as remedies and plans in case it happens.
ISO 27001 is an internationally recognised standard for an information security management system (ISMS), and it is suitable for any organisation, including SMBs in any sector. The aim of ISO 27001 is to protect your sensitive information by keeping it confidential, keeping it reliable (its integrity intact) and making it available when needed.
While the focus of ISO certification is the IT department, the standard clearly concerns the entire company. Management support is critical, as in any change involving people and their behavior. Together with top management, individual departments will be closely involved: training and education, security of people and premises, the legal department and office administration, as well as any outsourcing firms. The focus, however, will always remain on employees and their attitude, behavior and awareness of the risks.
Appropriate incident response, documentation and follow-up procedures must be clearly defined, and that knowledge must be shared throughout the entire company.
The IT department is the main focus of an ISO 27001 implementation, but the standard involves areas across the entire company as well. The main driver, sponsor and promoter of the change must be the company’s management, while IT is mainly responsible for its execution. Beyond management and IT, the departments that must be involved include HR, training and education, building security, building maintenance and the legal department, as well as suppliers, outsourcing partners and, last but not least, employees.
One of the main benefits of ISO 27001 is the credibility gained with vendors and suppliers and, more importantly, with customers and employees.
What areas are we focusing on in our information security audit?
- Security policy
- Access control
- Physical and environmental security
- Organization of information security
- Systems and software development and maintenance
- Asset management
- Operations management
- Incident management
- Business continuity management
- Compliance with laws and regulations
Basic Requirements for Your ISO 27001 Implementation
- Analyze risks to information security
- Define specific and optimal security goals
- Document methods
- Document all risks
- Implement measures to mitigate and manage risks
- Assign accountability for risk management
- Measure information security
- Develop a culture of continuous improvement
What Certification Does
- Demonstrates to your customers that the security of their information is paramount
- Demonstrates the integrity of your data and systems
- Demonstrates your commitment to information security
- Demonstrates that applicable laws and regulations are observed
- Reduces the risk of fraud, information loss and disclosure
- Meets corporate governance and business continuity requirements
- Ensures that risks are properly identified, assessed and managed
- Increases the credibility of your organization
- Improves employee ethics
- Reduces the risks associated with unsecured data and information
- Protects vital business assets with regular backups
- Clarifies your corporate information system structure
- Opens up new business opportunities with security conscious customers
- Provides a competitive advantage over companies that aren’t certified