What is ISO 27001?

Are your IT systems safe?
Information is Valuable - protect it!
ISO 27001 is a British Standard designed to help businesses and their suppliers introduce procedures capable of safeguarding the business against threats such as employee sabotage, hacking and terrorism. Both internal and external threats are addressed, protecting data and its storage, retrieval and transmission.
Why is Information Security Needed?
Information is now globally accepted as being a vital asset for most organizations and businesses. As such, the confidentiality, integrity, and availability of vital corporate and customer information may be essential to maintain competitive edge, cash-flow, profitability, legal compliance and commercial image. ISO 27001 is intended to assist with this task. It is easy to imagine the consequences for an organization if its information were lost, destroyed, corrupted, burnt, flooded, sabotaged or misused. In many cases this can lead (and has led) to the collapse of companies.
ISO 27001 is published in two parts:
ISO 27001 Specification for information security systems
ISO 27002 Code of practice for information security management
Information security is dealt with within ISO 27001 by the protection of data Confidentiality, Integrity and Availability:
Confidentiality
Integrity - safeguarding the accuracy and completeness of information and processing methods.
Availability - ensuring that authorized users have access to information and resources as and when required.
ISO 27001 contains a number of control objectives and controls
These include:
Security policy
Organizational security
Asset classification and control
Personnel security
Physical and environmental security
Communications and operations management
Access control
System development and maintenance
Business continuity management
Compliance