As noted in our blog last week, several supervisory authorities across Europe have already highlighted ISO 27001 as a model of best practice that provides good evidence of intent and effort to comply with the GDPR.
ISO 27001 provides an excellent approach to complying with data protection and privacy legislation because it requires the business to recognise the “needs and expectations of interested parties”, which include customers, the public, partners and regulatory bodies, and “may include legal and regulatory requirements and contractual obligations”.
Certification to ISO 27001 can bring organisations a host of benefits, including:
- Safeguarding their valuable data and intellectual property
- Winning new business and retaining their existing customer base
- Avoiding the financial penalties and losses associated with data breaches
- Complying with business, legal, contractual and regulatory requirements
- Improving their processes
- And much more.
ISO 27001 is not the complicated standard it is made out to be
We recently caught up with Brian Honan, the author of June’s book of the month ISO27001 in a Windows® Environment.
Brian said that it “really struck him how complicated people seemed to think ISO 27001 was”.
Brian said that many people thought ISO 27001 would “require thousands of mandates, lots of money to invest in IT equipment and systems, and would take forever to get implemented”.
However, he highlighted that the Standard is not as complicated as you might think and that you may not have to buy new systems or security systems to comply with it.
ISO 27001 can be implemented on your current Windows® system
Many of the technical controls in ISO 27001 can be addressed with the built-in functionality and tools in Windows.
ISO27001 in a Windows® Environment gives essential guidance for everyone involved in a Windows-based ISO 27001 project.
- Details the various controls required under ISO 27001:2013, together with the relevant Microsoft products that can be used to implement them.
- Explains how to make the most of Windows security features.
- Is ideal for bridging the knowledge gap between ISO 27001 and Windows security.