ISO 27001:2013

The ISO 27001:2013 standard was published in October 2005, essentially replacing the old BS7799-2 standard. The ISO 27000 family of standards helps organizations keep information assets secure. If you are concerned about the protection of assets, especially information assets, an ISMS provides a control framework to protect those (information) assets. This combines management controls (such as the ISMS framework and ISMS policy), technical controls (malware management, access controls, network perimeter, encryption), procedural controls (e.g. document management) and personnel controls (e.g. background screening), to name a few. The controls combine preventive, detective, restorative, maintenance and monitoring controls. ISO 27001 is the specification for an ISMS, an Information Security Management System.

BS7799 itself was a long-standing standard, first published in the nineties as a code of practice. As this matured, a second part emerged to cover management systems. It is against this second part that certification is granted. Today in excess of a thousand certificates are in place across the world.

There are 4 essential business benefits that a company can achieve by implementing this information security standard:

* Lower costs – the main philosophy of ISO 27001 is to prevent security incidents from happening, and every incident, large or small, costs money. Therefore, by preventing them, your company will save quite a lot of money. And best of all, the investment in ISO 27001 is far smaller than the cost savings you’ll achieve.
* Better organization – typically, fast-growing companies don’t have the time to stop and define their processes and procedures; as a consequence, very often employees do not know what needs to be done, when, and by whom. Implementing ISO 27001 helps resolve such situations, because it encourages companies to write down their main processes (even those that are not security-related), enabling them to reduce their employees’ lost time.
* Comply with legal requirements – there are more and more laws, regulations and contractual requirements related to information security, and the good news is that most of them can be addressed by implementing ISO 27001; this standard gives you the perfect methodology to comply with them all.
* Achieve marketing advantage – if your company gets certified and your competitors do not, you may have an advantage over them in the eyes of customers who are sensitive about keeping their information safe.