Consultancy Services

ISO 27001:2013 - Information security management

What is ISO 27001:2013?

ISO 27001:2013 is the internationally recognised best-practice framework for an Information Security Management System (ISMS). It is one of the most widely adopted information security standards worldwide.

ISO 27001 (formerly known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes. According to its documentation, ISO 27001 was developed to provide a model for establishing, maintaining and improving an information security management system. ISO 27001 uses a top-down, risk-based approach and is technology-neutral.

ISO 27001 certification demonstrates that you have identified the risks, assessed the implications and put in place systemised controls to limit any damage to the organisation. Benefits include: Increased reliability and security of systems and information. Improved customer and business partner confidence.

What is included in ISO 27001:2013?

The specification defines a six-part planning process:

  • Define a security policy.
  • Define the scope of the ISMS.
  • Conduct a risk assessment.
  • Manage identified risks.
  • Select control objectives and controls to be implemented.
  • Prepare a statement of applicability.

The specification includes requirements for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all parts of an organisation.

Benefits of ISO 27000 certification

  • Increased reliability and security of systems and information.
  • Improved customer and business partner confidence.
  • Increased business resilience.
  • Alignment with customer requirements.
  • Improved management processes and integration with corporate risk strategies.
  • Increased ability to comply with the EU's General Data Protection Regulation (GDPR).

Process stages

Some of the stages you will need to go through to protect your business and achieve ISO 27001 include:

  • Assessing the potential risks to your business and identifying the areas that are vulnerable.
  • Implementing a management system that covers the entire organisation, to control how and where information is stored and used.
  • Maintaining a process to manage current and future information security policy.
  • Making employees and third-party contractors aware of the risks and of how to report incidents.
  • Monitoring system activity and logging user activities.
  • Keeping IT systems up to date with the latest protection.
  • Controlling access to systems.