ISO 27001 Information Security Management is one of the more recent ISO Standards, developed from BS 7799 it is applicable to all sectors of industry and commerce and not just confined to information held on computer. It addresses the security of information in whatever form it is held.
The information may be printed or written on paper, stored electronically, transmitted by post or e-mail or retained by staff and managers in any other format. Whatever form the information takes, or means by which it is shared or stored, ISO 27001 helps an organisation ensure it is always protected.
| Confidentiality: | Ensuring the access to information is appropriately authorised |
| Integrity: | Safeguarding the accuracy and completeness of information and processing methods |
| Availability: | Ensuring that authorised users have access to information when they need it and anyone who is not authorised to have the information can not gain access. |
The standard requires that organisations address the following:
Information is globally accepted as being a vital asset for most organisations. As such the confidentiality, integrity and availability of vital corporate and customer information may be essential to maintain a competitive edge, cash flow, profitability, legal compliance and commercial image. ISO 27001 is intended to assist with this task by setting a framework and asking organisations to determine whether it does control its information security.
No company wants to be the victim of loss of information through, fire, flood, theft, sabotage, misuse, accident etc - but for many companies such occurrences have happened and in some cases the company has not recovered. Implementing ISO 27001 may prevent an occurrence in the first place or at least make the consequences easier to manage.
Development of an Information Management System broadly follows three stages:
We can assist you to develop the systems that meet the requirement of the standard and your own requirements to ensure that your information is secure, and should you wish we will help prepare you for certification.