What’s ISO 27001 and why should your company implement it?

As the risks associated with cyberattacks and data breaches continue to increase, information security has become a critical issue for every organisation. An effective approach should help defend against both external attacks and common internal threats such as accidental breaches and human error.

ISO 27001 is the international standard that provides the specification for an information security management system (ISMS). This is a systematic approach consisting of people, processes and technology that helps you protect and manage all your organisations information through risk management.

 

ISO 27001 flow

 

ISO 27001 focuses on protecting three key aspects of information:

  • Confidentiality – The information is not available or disclosed to unauthorised people, entities, or processes.
  • Integrity – The information is complete and accurate, and protected from corruption.
  • Availability – The information is accessible and usable as and when authorised users require it.

 

ISO 27001 key aspects

 

ISO 27001 is one of the most popular information security standards in the world. The standard has been designed to help organisations manage their security practices consistently and cost-effectively. It is technology and vendor neutral and is applicable to all organisations irrespective of their size, type, or nature.

ISO 27001 is the mainstay of the ISO 27000 series; a family of mutually supporting information security standards that together provide a globally recognised framework for best practice information security management. These standards help organisations keep their information assets secure by offering a set of specifications, codes of conduct and best practice guidelines to ensure strong information security management.

ISO 27001 Clauses

The main part of the ISO 27001 consists of 11 clauses (0 to 10) which are mandatory. Clauses 0 to 3 set the introduction of the ISO 27001 standard (introduction, scope, normative references, terms and conditions). The following clauses 4 to 10 include: context of the organisation, leadership, planning, support, operation, performance evaluation and continual improvement.

ISO 27001 Controls

The second part of the ISO 27001 standard, called Annex A, provides a guideline for 114 controls, covering the breadth of information security management including areas such as physical access control, firewall policies, security staff awareness programmes, procedures for monitoring threats, incident management processes and encryption.

What are the benefits of ISO 27001?

  • ISO 27001 will help you secure your information in all its forms – An ISMS helps protect all forms of information whether digital, paper-based or stored in the cloud.
  • Increase your attack resilience – Implementing and maintaining an ISMS will significantly increase your organisation’s resilience to cyber-attacks.
  • Protect what matters – Whether the scope of your ISMS covers your entire organisation or just the parts that deal with information, ISO 27001 protects against technology-based risks and other more common threats such as poorly informed staff or ineffective procedures.
  • Respond to the evolving security threat landscape – An ISMS constantly adapts to changes both in the threat environment and inside the organisation, ensuring that information security risks are effectively managed over time.
  • Protect the quality of your data – An ISMS provides the controls for best practice; the policies and procedures must be written by the company. It also consists of technical and physical controls to protect the confidentiality, availability, and integrity of your information.
  • Embed information security into your company culture – The standards holistic approach covers the entire organisation, not just the IT department so employees can readily understand risks and embrace security controls as part of their everyday working practices.

How to get ISO 27001 Certified

Once an organisation has met the various requirements stipulated by ISO 27001, the next step is to seek certification. Certification is the procedure by which an external certification body provides written assurance that an organisations ISMS conforms to the requirements of ISO 27001. Due to the certification of ISO 27001 not being mandatory, not all organisations choose to achieve it, however, there are many benefits to certification. As well as helping you protect your information, and comply with relevant legislation, ISO 27001 certification holds a distinct market value by providing clear externally validated proof of your organisations willingness to meet internationally accepted information security standards.

Aculab ensures the upmost importance on information security, and ensures that any customer data that the company stores or processes, are held to the highest standards, and these standards are consistently applied and updated. Aculab has been certified by BSI (British Standards Institute), an accredited company, for complying with the ISO 27001:2013 standard. This follows the successful implementation of their Information Security Management System (ISMS).

This can be viewed on: https://www.aculab.com/why-aculab/standards

 

 

Archive

The Aculab blog

Cloud news, views and industry insights from Aculab