ISO 27001 (Information Security Management)
ISO 27001:2013 is the latest iteration of the internationally-recognised standard for Information Security Management Systems. It demonstrates an organisation’s commitment to prevent the theft, loss, damage or misuse of any sensitive information it holds or to which it has access.
ISO/IEC 27001 requires that management:
- Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts;
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
- Implement a management system which ensures information security controls continue to meet the organization’s needs on an on-going basis.
The key benefits of 27001 are:
- It ensure your organisation meets all legal data protection requirements;
- It provides an opportunity to identify and manage risks to key information and systems assets;
- Provides confidence and assurance to trading partners and clients; acts as a marketing tool and
- Allows an independent review and assurance to you on information security practices
A company may want to adopt ISO 27001 for the following reasons:
- It is suitable for protecting critical and sensitive information
- It provides a holistic, risked-based approach to secure information and compliance
- Demonstrates credibility, trust, satisfaction and confidence with stakeholders, partners, citizens and customers
- Demonstrates security status according to internationally accepted criteria
- Creates a market differentiation due to prestige, image and external goodwill
Ensure you’re Information Security Management systems meets requirements – call JBS for a free no-obligation consultation