ISO 27001 is established by the International Organization for Standardization (ISO). This standard has replaced BS 7799 and provides an international Information Security Management System (ISMS) standard. The standard comprises two parts:
ISO 17799: guidance on implementing ISMS.
ISO 27001: standard against which ISMS can be certified.
Benefits of ISO 27001: Protecting your Assets
The standard takes a comprehensive approach to information security. Assets that need protection range from digital information, paper documents, and physical assets (computers and networks) to the knowledge of individual employees. Issues you have to address range from competence development of staff to technical protection against computer fraud.
ISO 27001 will help you protect your information in terms of:
Confidentiality ensures that information is accessible only to those authorized to have access.
Integrity safeguards the accuracy and completeness of information and processing methods.
Availability ensures that authorized users have access to information and associated assets when required.
Certification to ISO 27001 will enhance the credibility of any organization. Certification demonstrates the validity of your information and your commitment to upholding information security. It would open up new business opportunities with security-conscious customers and clients, improve employee ethics, and strengthen the notion of confidentiality throughout the workplace.
1. Which organizations are eligible for ISO 27001 certification?
ISO 27001 is suitable for any organization, large or small, in any sector or part of the world. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors.
ISO 27001 is also highly effective for organizations which manage information on behalf of others, such as IT outsourcing companies: it can be used to assure customers that their information is being protected.