Information security means the protection of information and information systems against unauthorised access, use, disclosure, disruption, modification or destruction. For over twenty years, the most important principles of information security have been confidentiality, integrity and availability (also known as the ‘CIA triad’). An Information Security Management System (ISMS) is part of a general management system in companies and promotes the security of information related to risk management.
The principal concept behind an ISMS for an organisation is the design, implementation and maintenance of a coherent totality of processes and systems for the effective management of information accessibility. Just as in the case of all management processes, an ISMS must remain effective and efficient in the long term, and has to be modified in accordance with changes in the internal organisation and the external environment. ISO/IEC 27001 comprises Deming's well-known PDCA cycle, “Plan-Do-Check-Act”, with a view to achieving continuous improvement.
ISO/IEC is the recognised standard for the critical domain of risk management. It is now increasingly used by clients from the private sector and the public sector to assess the performance of their information security systems.
A certificate as per ISO/IEC 27001 will help you manage and protect your valuable information assets. It will help you to gain the confidence of all the concerned parties, particularly your customers.
Through a systematic approach, the standard ensures the continuity of activities, minimises activity loss, and makes it possible to determine which assets are critical. It ensures a better understanding of corporate aspects, and gives you the assurance that your investments relating to information security are aimed at the appropriate objective. We independently verify whether your organisational risks have been properly identified via the Business Risk Assessment.
The process of periodic evaluations helps you increase the effectiveness of your operations and improve your insurance obligations. But above all, this standard gives you confidence, motivates the management, and makes it possible to promote the quality of your security to your customers.
ISO/IEC 27001:2013 Information technology – Security techniques – Information Security Management Systems – Requirements.
Basis for the 27k family: