
What’s ISO 27001 and why should your company implement it?

As the risks associated with cyberattacks and data breaches continue to increase, information security has become a critical issue for every organisation. An effective approach should help defend against both external attacks and common internal threats such as accidental breaches and human error.

ISO 27001 is the international standard that specifies the requirements for an information security management system (ISMS): a systematic approach, made up of people, processes and technology, that helps you protect and manage all of your organisation's information through risk management.

[Figure: ISO 27001 flow]

ISO 27001 focuses on protecting three key aspects of information:

  • Confidentiality – The information is not available or disclosed to unauthorised people, entities, or processes.
  • Integrity – The information is complete and accurate, and protected from corruption.
  • Availability – The information is accessible and usable as and when authorised users require it.

[Figure: ISO 27001 key aspects]

ISO 27001 is one of the most widely adopted information security standards in the world. It has been designed to help organisations manage their security practices consistently and cost-effectively. It is technology- and vendor-neutral and applies to any organisation irrespective of its size, type or nature.

ISO 27001 is the mainstay of the ISO 27000 series, a family of mutually supporting information security standards that together provide a globally recognised framework for best-practice information security management. These standards help organisations keep their information assets secure by offering a set of requirements, codes of practice and guidelines for strong information security management. ISO 27001 sets the requirements against which an ISMS is certified, while companion standards such as ISO 27002 give implementation guidance for its controls.

ISO 27001 Clauses

The main part of ISO 27001 consists of 11 clauses (0 to 10). Clauses 0 to 3 introduce the standard (introduction, scope, normative references, and terms and definitions) and contain no requirements. Clauses 4 to 10 contain the mandatory requirements that an ISMS must meet to be certified: context of the organisation, leadership, planning, support, operation, performance evaluation and improvement.

ISO 27001 Controls

The second part of the standard, Annex A, lists the reference controls; in the 2013 edition there are 114, grouped into 14 domains, covering the breadth of information security management including physical access control, network and firewall policies, staff security awareness programmes, procedures for monitoring threats, incident management processes and cryptography. The controls are not applied wholesale: the risk assessment required by clause 6 determines which are relevant, and the resulting choices, with a justification for any control excluded, are recorded in the Statement of Applicability, which auditors check against the risk treatment plan.

What are the benefits of ISO 27001?

  • Secure your information in all its forms – An ISMS helps protect all forms of information, whether digital, paper-based or stored in the cloud.
  • Increase your attack resilience – Implementing and maintaining an ISMS increases your organisation's resilience to cyber-attacks, because controls are chosen and reviewed against assessed risks rather than added ad hoc.
  • Protect what matters – Whether the scope of your ISMS covers your entire organisation or only the parts that handle sensitive information, ISO 27001 addresses technology-based risks as well as the more common threats such as poorly informed staff or ineffective procedures.
  • Respond to the evolving security threat landscape – An ISMS is reviewed and adapted as the threat environment and the organisation change, so that information security risks continue to be managed over time.
  • Protect the quality of your data – The standard sets out what the controls must achieve; the policies and procedures that implement them are written by the company itself. The controls are organisational, technical and physical, and together protect the confidentiality, integrity and availability of your information.
  • Embed information security into your company culture – The standard's holistic approach covers the entire organisation, not just the IT department, so employees can readily understand risks and adopt security controls as part of their everyday working practices.

How to get ISO 27001 Certified

Once an organisation has met the requirements of ISO 27001, the next step is to seek certification. Certification is the procedure by which an external, accredited certification body provides written assurance that an organisation's ISMS conforms to the requirements of ISO 27001. Because certification is not mandatory, not all organisations pursue it; however, there are clear benefits. As well as helping you protect your information and comply with relevant legislation, ISO 27001 certification carries distinct market value by providing externally validated proof that your organisation meets an internationally accepted information security standard. Certification is not a one-off event: a certificate is valid for three years, during which the certification body carries out periodic surveillance audits, followed by a recertification audit.

Aculab places the utmost importance on information security, and ensures that any customer data the company stores or processes is held to the highest standards, which are consistently applied and updated. Aculab has been certified by BSI (the British Standards Institution), an accredited certification body, as complying with the ISO 27001:2013 standard, following the successful implementation of its Information Security Management System (ISMS).

The certificate can be viewed at: https://www.aculab.com/why-aculab/standards