What is ISO 27001 and why do you need it?
Summary
-
ISO 27001 is the international standard that provides the specification for a best-practice information security management system (ISMS)
-
Achieving accredited certification to ISO 27001 provides an independent, expert assessment that our information security policies and procedures are managed in line with international best practice
-
ISO 27001 divides controls into 14 categories
-
There are many benefits to ISO27001 which help reassure the clients we work with
What Is ISO 27001?
ISO 27001 is the international standard that provides the specification for a best-practice information security management system (ISMS). You may be familiar with the International Organisation for Standardisation, which sets standards, criteria, and best practices for a wide range of purposes. ISO 27001 is their international standard for securing and documenting your information security management system or ISMS 7001. It uses the term documented information, which means any organisation can retain the necessary information in the way that best suits it and to the extent that is needed.
Achieving accredited certification to ISO 27001 provides an independent, expert assessment that our information security policies and procedures are managed in line with international best practice. This involves security controls and regular external audits to verify our security controls implementation.
ISO 27001 divides controls into 14 categories:
- Information Security Policies
- Organisation of Information Security
- Human Resource Security
- Asset Management
- Access Control
- Cryptography
- Physical and Environmental Security
- Operations Security
- Communications Security
- System Acquisition and Maintenance
- Supplier Relations
- Security Incident Management
- Business Continuity Management
- Compliance
ISO 27001 is a certification and for a large proportion of the work we do, it is required by our high-level clients so they can assure that we have proper data security in place, which helps to keep their data (and their customers’ data) secure from internal and external threats.
The truth is, just because it is about information security, it does not mean it shouldn’t concern other departments. In fact, every single person in the organisation will have responsibilities for the ISMS as information isn’t just the concern of the information technology team.
The benefits of ISO 27001 certification
We believe there are many benefits to ISO27001 which help reassure the clients we work with:
1/ Trust – Not Putting Business at Risk
When a client or partner chooses to do business with us, our valid ISO 27001 certification shows them that we are doing our due diligence to protect their business. It provides assurance to our clients that Information Security is taken seriously and that we have a robust system of processes to secure their data.
2/ Improved Internal and External Security
ISO 27001 certification is not an arbitrary checklist. All of the security controls in ISO 27001 exist for a reason: because they make our ISMS safer and more secure. This is vital for our business’s stability because it lowers our risk for a data breach. Even a single data breach can be devastating – we know, as we have dealt with getting many businesses back up and running. A data breach or cyber-attack can cost businesses thousands (or more) to directly fix the problem, in addition to potentially driving clients away by damaging their reputation.
3/ Allows for the Secure Exchange of Information
This standard helps us identify the threats towards our information security and create plans to address them. This kind of process helps us manage and minimise risk exposure and automatically leads to a safer information exchange.
4/ Meets Legal or Third-Party Obligations
This standard is recognised and used by many organisations worldwide, and by applying its clear and practical instructions, we can prove our trustworthiness concerning information and data security. We work to a very robust framework that empowers us to identify risks, known and unknown.
Find out more here or download our ISO27001 certificate