ISO 27001 Consultancy
ISO/IEC 27001:2013 is a global specification for Information Security Management Systems (ISMS). An ISMS is a framework of policies and procedures that covers an organisation's physical, technical and legal controls over its information risk management processes.
The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organisation. It was developed to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system. Certification to ISO 27001 is now a common requirement of many tender specifications and is increasingly mandated as essential in supply chain contracts.
Challenges of Implementing ISO 27001
One of the key features of ISO 27001 is that it is risk based. The implementation of controls (technical measures, policies, processes etc.) is not prescriptive; it is determined by an information risk assessment that takes into account your risk appetite and the information you are seeking to protect. The goal with ISO 27001 is to achieve an optimum balance, where the mandatory management system requirements of the Standard are met whilst your ISMS is tailored as fully as possible to your organisation's size, culture and business objectives.