What is ISO/IEC 27001 - Information Security Management?
ISO/IEC 27001 is the best-known standard in the ISO/IEC 27000 family and specifies the requirements for an information security management system (ISMS): the policies, processes and controls an organisation uses to keep its information assets secure. Certification attests that the organisation has implemented an ISMS that conforms to the standard within a defined scope and manages sensitive information systematically; it does not by itself guarantee that the data held is secure, since the audit assesses the management system and the controls chosen to treat identified risks, not every system in the business. An organisation becomes certified by passing an audit conducted by an accredited certification body, and retains certification through periodic surveillance audits.
What are the main aspects of ISO/IEC 27001?
The standard is organised into ten clauses, and each is an element to consider when preparing to become certified:
- Scoping your organisation (deciding which locations, systems and business units the ISMS covers)
- Establishing references (the normative documents the standard relies on)
- Establishing terms and a standard glossary
- Understanding the organisational context and the needs of interested parties
- Obtaining commitment from high-level leadership
- Planning the processes for identifying, analysing and treating information security risks
- Providing the resources, awareness, competence and documentation needed to support the project
- Documenting in more detail how the above will operate day to day
- Monitoring, measuring, evaluating and auditing the processes so that potential improvements can be identified
- Making continual improvements and refinements going forward
What are the benefits of ISO/IEC 27001?
Certification is mostly concerned with data security: by being ISO/IEC 27001 certified you can demonstrate to customers, partners and regulators that the information you handle is managed under a systematic, independently audited approach.
The upcoming GDPR contains strict articles dedicated to the prevention and treatment of data breaches. By ensuring your compliance with ISO/IEC 27001 you can meet several of the requirements laid out by the GDPR, such as the security-of-processing measures in Article 32 (pseudonymising and encrypting personal data, and a process for regularly testing and evaluating the effectiveness of your security measures), which map closely onto the risk treatment and continual improvement requirements of the standard.
Although certification won't mean you cover all the requirements of the GDPR (it says nothing, for example, about the lawful basis for processing or data subject rights), it does cover the data breach requirements well, helping you to be ready for May 2018. Note that the GDPR's breach notification deadlines still have to be built into your incident management process explicitly, as the standard requires an incident process but does not prescribe notification timescales.