ISO 27001 : 2013
The ISO 27001:2013 standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organization’s information security management system.
The standard takes a comprehensive approach to information security. Assets that need protection range from digital information, paper documents, and physical assets (computers and networks) to the knowledge of individual employees. Issues you have to address range from competence development of staff to technical protection against computer fraud.
ISO 27001 will help you protect your information in terms of the following principles:
- Confidentiality ensures that information is accessible only to those authorized to have access.
- Integrity safeguards the accuracy and completeness of information and processing methods.
- Availability ensures that authorized users have access to information and associated assets when required.
Achieving ISO 27001 certification shows that a business has:
- Protected information from getting into unauthorised hands
- Ensured information is accurate and can only be modified by authorised users
- Assessed the risks and mitigated the impact of a breach
- Been independently assessed to an international standard based on industry best practices
- Domains of ISO/IEC – 27001
- Security policy
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development, and maintenance
- Information security incident management
- Business continuity management
- Compliance
- Organization of information security
- Benefits of ISO 27001:2013
- Increased reliability and security of systems and information
- Improved customer and business partner confidence
- Increased business resilience
- Alignment with customer requirements
- Improved management processes and integration with corporate risk strategies
