The standard was previously known as BS 7799 and ISO 17799 and the ISO 27001 (ISMS) standard was published in 2005 and re-released in 2013.
ISO 27001 is the British Standard for an Information Security Management System (ISMS). It is the only (ISMS) that is auditable to international standards.
Information is vital to every organisation and the standard provides an auditable method of monitoring, protecting and managing information and data systems.
Loss of data and information of any kind can, at the very least, be inconvenient to an organisation, at worst it can lead to its collapse.
How will ISO 27001 certification help my organisation?
ISO 27001 is suitable for all organisations worldwide, large or small and across all business sectors.
By implementing a robust system to manage information within an organisation you will protect information assets to ensure continuity of business should damage or loss occur.
Loss or damage could be caused by natural disasters such as fire or flood, accidental loss or mismanagement, corrupted or stolen data, the effects of any of these losses can have catastrophic consequences for organisations.
Data can be Information that an organisation processes or owns. This can be electronically stored data, information transmitted by post or email, printed data or information that individuals hold within the organisation.
By implementing ISO 27001 an organisation will identify the type of information that exists within the organisation and define the risks and threats. Systems, controls and procedures can then be set up to minimise the risk.
ISO 27001 provides a system for monitoring and maintaining:
- Confidentiality of information
- Availability of information
- Accuracy of information
Organisations that handle information on behalf of others can benefit greatly from being certified because they are able to show they have a process in place for continual monitoring and protection of third party data.
Gaining ISO 27001 certification will give your customers confidence in the knowledge that security risks have been assessed and minimised and that you have systems in place to protect and recover information quickly if there is a loss.
A process of continual improvement and assessment will provide your organisation with the necessary management tools to monitor and improve the security of your information.