ISO 27001

ISO 27001 is a standard for enterprise information security. It provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System (ISMS).

ISO 27001 requires that management:

  • Systematically examine the organization's imminent and potential information security risks, after analyzing threats, vulnerabilities and impacts;
  • Design and implement a coherent and comprehensive set of information security controls and/or other forms of information security risk management to avert those risks that are unacceptable; and
  • Establish a management policy to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.

BENEFITS

  • Alignment of information technology services and business strategy, resulting in improved information security.
  • Provides a benchmark-type comparison with best practices.
  • Creates competitive advantage via the promotion of consistent and cost-effective services.
  • By requiring ownership and responsibility at all levels, it creates a progressive ethos and culture.
  • Reduction of risk, and thus cost, in terms of external service receipt.
  • Through the creation of a standard consistent approach, aids major organizational changes.
  • Enhanced reputation and perception.
  • Fundamental shift to proactive rather than reactive processes.
  • Improved relationship between different departments via better definition and more clarity in terms of responsibility and goals.
  • Creation of a stable framework for both resource training and service management automation.