ISO/IEC 27001 – Information Security Management System
Information security means the protection of information and information systems against unauthorised access, use, disclosure, disruption, modification or destruction. For over twenty years, the most important principles of information security have been (confidentiality, integrity and availability – also known as the ‘CIA triad’)). Information Security Management System (ISMS) is part of a general management system in companies and promotes the security of information related to risk management.
The principal concept behind an ISMS for an organisation is the design, implementation and maintenance of a coherent totality of processes and systems for the effective management of information accessibility. Just as in the case of all management processes, an ISMS must remain effective and efficient in the long term, and has to be modified in accordance with changes in the internal organisation and the external environment. ISO/IEC 27001 comprises the well-known PDCA circle of Deming “Plan-Do-Check Act” with a view to achieving continuous improvement.
ISO/IEC is the recognised standard for the critical domain of risk management. It is now increasingly used by clients from the private sector and the public sector to assess the performance of their information security systems.
A certificate as per ISO/IEC 27001 will help you manage and protect your valuable information assets. It will help you to gain the confidence of all the concerned parties, particularly your customers.
Through a systematic approach, the standard ensures the continuity of activities, minimises activity loss, and makes it possible to determine which assets are critical. It ensures a better understanding of corporate aspects, and gives you the assurance that your investments relating to information security are aimed at the appropriate objective. We independently verify whether your organisational risks have been properly identified via the Business Risk Assessment.
The process of periodic evaluations helps you increase the effectiveness of your operations, and to improve your insurance obligations. But above all: this standard gives you confidence, it motivates the management, and makes it possible to promote the quality of your security to your customers.
Legislations
- Intellectual property rights
- Protection of information about the organisation
- Protection of information and privacy of personal information
- Prevention of misuse of information processing facilities
- Regulation of cryptographic controls
Norms and Standards
ISO/IEC 27001: 2013 Information technology- Security techniques – Information Security Management Systems – Requirements.
Basis for the 27k family:
- ISO/IEC 27002 Information technology – Security techniques – Code for information security
- ISO/IEC 27003 Guide for implementation
- ISO/IEC 27004 ISMS measurements
- ISO/IEC 27005 Risk Management approach
- ISO/IEC 27006 Certification Process
- ISO/IEC 27007 Auditing system
- ISO/IEC 27008 Auditing controls
- ISO/IEC 27011 Guidelines for the telecommunication industry
- ISO/IEC 27013 Integration with ITSMS (Information Technology Service Management Systems)
- ISO/IEC 27014 Governance
- ISO/IEC 27015 Financial and insurance sector
- ISO/IEC 27031 Business continuity
- ISO/IEC 27032 Cyber security
- ISO/IEC 27033 IT network security
- ISO/IEC 27034 Application security
Interested in this solution? Contact us!
Contact
Ask your question directly to the specialised team within your sector.
