2014 has been the year of the massive, high-profile data breach. Target, eBay, JPMorgan and countless other organisations thought their data was secure until they learned the hard way that it was not. Millions of individuals have been affected. Can you be sure that your data is secure?
The international standard ISO 27001 sets out the requirements of an information security management system (ISMS) – a best-practice approach to information security management that encompasses the whole organisation, covering people, processes and technology.
If you’re serious about your organisation’s information security and are thinking about implementing an ISMS, you might be discouraged by the potential scale of the implementation project. After all, ISO 27001 stipulates the establishment of policies and procedures that can affect every part of the organisation, all of which must be documented.
One thing that those new to the Standard often fail to appreciate is that it sets out a best-practice approach. One of the main advantages of this is that many of its requirements are things that good organisations will carry out as a matter of course. Your company’s policies and procedures could well meet many of the Standard’s requirements, and you could be closer to compliance than you think.
Certification to the Standard brings with it a wealth of business benefits, enabling you to win and retain business, protect and enhance your reputation, build internal and external trust, demonstrate compliance with numerous laws, and satisfy audit requirements. If you knew you were close to achieving this already, and could identify those areas that you needed to address, wouldn’t you want to know?
IT Governance’s ISO 27001:2013 ISMS Gap Analysis Tool will show you how your organisation’s information security posture compares to the requirements of the internationally recognised information security management standard, ISO 27001.