

ISO 27001 : 2013

ISO 27001, or to give it its full title ISO/IEC 27001:2013 (Information technology - Security techniques - Information security management systems - Requirements), is a specification for the management of information security. It is applicable to all sectors of industry and commerce and is not confined to information held on computers. Organisations that meet its requirements can gain ISO 27001 certification. ISO 27001 applies to all types and sizes of organisation and requires a commitment to continual improvement and compliance with applicable legislation and regulations. In particular, organisations are encouraged to assess their information security risks and then implement appropriate information security controls using the relevant guidance and suggestions.

The information may be printed or written on paper, stored electronically, transmitted by post or email, shown on films, or spoken in conversation. Whatever form the information takes, or means by which it is shared or stored, ISO 27001 helps an organisation ensure it is always appropriately protected.
Given the dynamic nature of information security, the ISMS concept incorporates continuous feedback and improvement activities that seek to address changes in the threats, vulnerabilities or impacts of information security incidents.


The series gives recommendations on risks and controls within the context of an overall Information Security Management System (ISMS), similar in design to management systems for quality (the ISO 9000 series) and environmental (the ISO 14000 series).

INFORMATION SECURITY CAN BE CHARACTERIZED AS:
  • Confidentiality - ensuring that access to information is appropriately authorised
  • Integrity - safeguarding the accuracy and completeness of information and processing methods
  • Availability - ensuring that authorized users have access to information when they need it

Systems Assured has a 100% success rate for their systems achieving first-time UKAS certification.


WHY IS INFORMATION SECURITY NEEDED?
Information security is now globally accepted as a vital asset for most organisations and businesses. The confidentiality, integrity and availability of vital corporate and customer information may be essential to maintaining competitive edge, cash flow, profitability, legal compliance and commercial image. ISO 27001 is intended to assist with this task. It is easy to imagine the consequences for an organisation if its information were lost, destroyed, corrupted, burnt, flooded, sabotaged or misused; in many cases this can lead (and has led) to the collapse of companies.

How do you start to implement ISO 27001? What is involved?

Developing an Information Security Management System (ISMS) that satisfies the requirements of ISO 27001 involves three steps:
  • Creation of a management framework for information security. This sets the direction, aims and objectives of information security and defines a policy that has management commitment.

  • Identification and assessment of security risks. Security requirements are identified by a methodical assessment of security risks. The results of this assessment will help guide and determine the appropriate management action and priorities for managing information security risks.

  • Selection and implementation of controls. Once security requirements have been identified, controls should be selected and implemented. The controls need to ensure that risks are reduced to an acceptable level and meet an organisation’s specific security objectives. Controls can be in the form of policies, practices, procedures, organisational structures and software functions. They will vary from organisation to organisation. Expenditure on controls needs to be balanced against the business harm likely to result from security failures.
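The three steps above end in a risk register: each risk is scored, controls are chosen until the residual risk is within the level the organisation will accept, and the spend on those controls is weighed against the harm they avoid. The following Python is an added example, not code from Systems Assured or from the ISO 27001 text; the 1-5 likelihood and impact scales, the risk appetite of 6, the expected-harm proxy and every asset, threat, control and cost figure are constructed assumptions for illustration.

```python
"""Worked risk register: assess risks, select controls, check the spend.

Added example, not from Systems Assured or the ISO 27001 text. The 1-5
scoring scales, the appetite threshold and all asset, threat, control and
cost figures are constructed for illustration.
"""
from dataclasses import dataclass, field

SCALE_MAX = 5  # assumed 1-5 scale for both likelihood and impact


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float         # constructed figure, currency units per year
    likelihood_reduction: int  # points removed from the likelihood score
    impact_reduction: int      # points removed from the impact score


@dataclass
class Risk:
    asset: str
    threat: str
    likelihood: int          # 1 (rare) .. 5 (almost certain)
    impact: int              # 1 (negligible) .. 5 (severe)
    worst_case_harm: float   # constructed monetary estimate of business harm
    controls: list = field(default_factory=list)

    def inherent_score(self):
        return self.likelihood * self.impact

    def residual_score(self):
        # Controls lower the scores, but never below 1 (some risk remains).
        lik = max(1, self.likelihood - sum(c.likelihood_reduction for c in self.controls))
        imp = max(1, self.impact - sum(c.impact_reduction for c in self.controls))
        return lik * imp

    def expected_harm(self, score):
        # Assumed proxy: worst-case harm scaled by score / maximum score.
        return self.worst_case_harm * score / (SCALE_MAX * SCALE_MAX)


def select_controls(risk, candidates, appetite):
    """Greedily add the control with the best harm reduction per unit of
    cost until the residual score is within appetite. Mutates risk.controls
    and returns the chosen controls."""
    remaining = list(candidates)
    while risk.residual_score() > appetite and remaining:
        before = risk.residual_score()

        def value(control):
            risk.controls.append(control)
            gain = risk.expected_harm(before) - risk.expected_harm(risk.residual_score())
            risk.controls.pop()
            return gain / control.annual_cost

        best = max(remaining, key=value)
        if value(best) <= 0:
            break  # nothing left that actually lowers the risk
        risk.controls.append(best)
        remaining.remove(best)
    return list(risk.controls)


def treatment_plan(register, candidates, appetite):
    """Build the treatment decision for every risk in the register."""
    plan = {}
    for risk in register:
        chosen = select_controls(risk, candidates, appetite)
        cost = sum(c.annual_cost for c in chosen)
        reduction = (risk.expected_harm(risk.inherent_score())
                     - risk.expected_harm(risk.residual_score()))
        plan[(risk.asset, risk.threat)] = {
            "inherent": risk.inherent_score(),
            "residual": risk.residual_score(),
            "within_appetite": risk.residual_score() <= appetite,
            "controls": [c.name for c in chosen],
            "annual_cost": cost,
            "harm_reduction": reduction,
            # The page's point: spend must be balanced against harm avoided.
            "cost_justified": cost <= reduction,
        }
    return plan


# Constructed sample data (not real assets, threats or prices).
CANDIDATE_CONTROLS = [
    Control("Offsite encrypted backups", 2000, 0, 2),
    Control("Multi-factor authentication", 1500, 2, 0),
    Control("Security awareness training", 800, 1, 0),
]
REGISTER = [
    Risk("Customer database", "Ransomware", 4, 5, 500_000),
    Risk("Marketing brochure", "Disclosure", 5, 2, 300),
]
RISK_APPETITE = 6  # assumed: scores above this must be treated or accepted

if __name__ == "__main__":
    for key, decision in treatment_plan(REGISTER, CANDIDATE_CONTROLS, RISK_APPETITE).items():
        print(key, decision)
```

In the constructed register the database risk is brought from 20 down to 5 with two controls whose combined cost is far below the harm they avoid, while the brochure risk reaches appetite only by spending more than the harm it could ever cause; the `cost_justified` flag is the prompt to accept that risk rather than treat it.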

One section of the standard provides guidance on its use. Adopting ISO 27001 cannot make your organisation immune from security breaches, but it will make them less likely and reduce the consequential cost and disruption if they do occur.

ISO 27001 CONTAINS A NUMBER OF CONTROL OBJECTIVES INCLUDING:
  • Security policy
  • Organisational security
  • Asset classification and control
  • Personnel security
  • Physical and environmental security
  • Communications and operations management
  • Access control
  • System development and maintenance
  • Business continuity management
  • Compliance

To develop your information security management, call us now on 0843 080 1917  


Systems Assured Limited © 2012-2016 | 0843 080 1917