ISO/IEC 27001:2013 is the de facto standard for information security management systems (ISMS), irrespective of an organisation's size, sector or industry.
In simple terms, an ISMS sets out the policies, procedures and supporting activities (such as the implementation of technical, physical and administrative controls) to systematically manage information assets within an organisation.
While ISO 27001 sets out the specification for an organisation's ISMS, it does not mandate the implementation of specific elements; instead it provides recommendations for documentation and audit processes that support continual improvement. It can be used in conjunction with ISO/IEC 27002:2013, which provides further detail on both the control areas and the specific controls outlined in 27001.
It should be noted that implementation of an ISMS should be regarded as a business process and not purely an IT process, given the requirement both to implement and to operate administrative management controls on an ongoing basis, in addition to 'IT' ones.
Being compliant with, and subsequently being certified to, the ISO 27001 standard can benefit your organisation in a number of ways:
Your organisation can provide evidence that it takes security of managed information seriously and has implemented multiple steps to protect confidentiality, integrity and availability;
It provides confidence to your customers and shareholders that data will be appropriately secured;
It potentially provides a business advantage when tendering for new business or as part of the process to become a preferred supplier to government;
Resilience to potential future attacks by malicious parties is increased by having formal processes and procedures in place to ensure business continuity and the availability of critical systems;
Evidence can be provided showing that your organisation is continually improving its information security in response to the ever-changing threat landscape.
Depending on whether you are looking to commence your implementation of an ISMS or whether you would like advice on an ongoing implementation, we can provide assistance to your organisation.
Please contact us for more information regarding your requirements relating to ISMS implementation.