What’s ISO 27001 and why should your company implement it?

As the risks associated with cyberattacks and data breaches continue to increase, information security has become a critical issue for every organisation. An effective approach should help defend against both external attacks and common internal threats such as accidental breaches and human error.

ISO 27001 is the international standard that provides the specification for an information security management system (ISMS). This is a systematic approach consisting of people, processes and technology that helps you protect and manage all your organisation's information through risk management.

Figure: ISO 27001 flow
ISO 27001 focuses on protecting three key aspects of information:

  • Confidentiality – The information is not available or disclosed to unauthorised people, entities, or processes.
  • Integrity – The information is complete and accurate, and protected from corruption.
  • Availability – The information is accessible and usable as and when authorised users require it.

Figure: ISO 27001 key aspects
ISO 27001 is one of the most popular information security standards in the world. The standard has been designed to help organisations manage their security practices consistently and cost-effectively. It is technology and vendor neutral and is applicable to all organisations irrespective of their size, type, or nature.

ISO 27001 is the mainstay of the ISO 27000 series, a family of mutually supporting information security standards that together provide a globally recognised framework for best practice information security management. These standards help organisations keep their information assets secure by offering a set of specifications, codes of conduct and best practice guidelines to ensure strong information security management.

ISO 27001 Clauses

The main part of ISO 27001 consists of 11 clauses (0 to 10), which are mandatory. Clauses 0 to 3 form the introduction to the standard (introduction, scope, normative references, terms and conditions). Clauses 4 to 10 cover: context of the organisation, leadership, planning, support, operation, performance evaluation and continual improvement.

ISO 27001 Controls

The second part of the ISO 27001 standard, called Annex A, provides a guideline for 114 controls, covering the breadth of information security management including areas such as physical access control, firewall policies, security staff awareness programmes, procedures for monitoring threats, incident management processes and encryption.

What are the benefits of ISO 27001?

  • ISO 27001 will help you secure your information in all its forms – An ISMS helps protect all forms of information whether digital, paper-based or stored in the cloud.
  • Increase your attack resilience – Implementing and maintaining an ISMS will significantly increase your organisation’s resilience to cyber-attacks.
  • Protect what matters – Whether the scope of your ISMS covers your entire organisation or just the parts that deal with information, ISO 27001 protects against technology-based risks and other more common threats such as poorly informed staff or ineffective procedures.
  • Respond to the evolving security threat landscape – An ISMS constantly adapts to changes both in the threat environment and inside the organisation, ensuring that information security risks are effectively managed over time.
  • Protect the quality of your data – An ISMS provides the controls for best practice; the policies and procedures that implement them must be written by the company. It also consists of technical and physical controls to protect the confidentiality, availability, and integrity of your information.
  • Embed information security into your company culture – The standard's holistic approach covers the entire organisation, not just the IT department, so employees can readily understand risks and embrace security controls as part of their everyday working practices.

How to get ISO 27001 Certified

Once an organisation has met the various requirements stipulated by ISO 27001, the next step is to seek certification. Certification is the procedure by which an external certification body provides written assurance that an organisation's ISMS conforms to the requirements of ISO 27001. Because ISO 27001 certification is not mandatory, not all organisations choose to pursue it; however, there are many benefits to certification. As well as helping you protect your information and comply with relevant legislation, ISO 27001 certification holds a distinct market value by providing clear, externally validated proof of your organisation's willingness to meet internationally accepted information security standards.

Aculab places the utmost importance on information security, and ensures that any customer data the company stores or processes is held to the highest standards, and that these standards are consistently applied and updated. Aculab has been certified by BSI (British Standards Institute), an accredited certification body, for complying with the ISO 27001:2013 standard. This follows the successful implementation of its Information Security Management System (ISMS).

This can be viewed on: https://www.aculab.com/why-aculab/standards
