ISO 27001 (the Information Security Management System, or ISMS, standard) specifies the management of information security. Applicable to all sectors of industry and commerce, it is not confined to information held on electronic systems, but addresses the security of information in whatever form it is held. ISO 27001 is one of the standards in the ISO 27000 series.
The ISO/IEC 27000 series is deliberately broad in scope, covering more than just privacy, confidentiality and IT or technical security issues. It is applicable to organisations of all shapes and sizes. All organisations are encouraged to assess their information security risks and then implement appropriate information security controls according to their needs, using the guidance and suggestions where relevant. Given the dynamic nature of information security, the ISMS concept incorporates continuous feedback and improvement activities, summarised by Deming's "plan-do-check-act" approach, that seek to address changes in the threats, vulnerabilities or impacts of information security incidents.
Why do you need ISO/IEC 27001?
Information is now globally accepted as a vital asset for most organisations and businesses. As such, the confidentiality, integrity and availability of vital corporate and customer information may be essential to maintaining competitive edge, cash flow, profitability, legal compliance and commercial image. ISO 27001 is intended to assist with this task. It is easy to imagine the consequences for an organisation if its information were lost, destroyed, corrupted, burnt, flooded, sabotaged or misused. In many cases it can lead (and has led) to the collapse of companies.
Gaining certification from AA-ISO demonstrates that the security of your information has been addressed, implemented and properly controlled. But the benefits don't stop there:
Customers, employees, trading partners and stakeholders are reassured in the knowledge that your management information and systems are secure.
Demonstrates credibility and trust.
Cost savings: even a single information security breach can involve significant expense.
Establishes that relevant laws and regulations are being adhered to.
Shows that a commitment to information security exists at all levels throughout an organisation.