The importance of ISO 27001: A consultant’s perspective

ISO 27001 is the third fastest-growing management standard in the world, with certifications growing at an annual rate of 20%. It may be time to consider the Standard for your organisation.

Achieving accredited certification to ISO 27001 (that is, certification issued by a body accredited to audit against the Standard) demonstrates that your organisation has implemented an information security management system (ISMS) that conforms to the Standard's requirements, and delivers an independent, expert assessment of whether the risks to your information are being identified and treated adequately. ISO 27001 is supported by its companion code of practice for information security controls, ISO/IEC 27002:2013, which provides implementation guidance for the controls listed in the Standard's Annex A.

What makes ISO 27001 so important?

We asked Sharon O’Reilly, a leading General Data Protection Regulation (GDPR) and governance, risk management and compliance (GRC) consultant with IT Governance Europe in Ireland, for her view on ISO 27001 and why it is so important from a consultant’s perspective.

“ISO 27001 is regarded as the gold standard when it comes to information security management systems (ISMS); as a consultant, my view is:

  • Information security management is now a business essential – protection of confidential data and particularly personal data with the advent of the GDPR is critical.
  • ISO 27001 gives us a structured way of looking at risks to data and applying suitable controls to reduce risks where possible. Logic tells us that this must be a good thing.
  • Perhaps more importantly, ISO 27001 gives us a way of ‘controlling the controls’ by implementing management systems to make sure that controls are monitored, maintained and improved on a continuous basis.
  • Having consulted on many Irish organisations’ ISO 27001 projects over the past eight years, I can say with confidence that, if implemented sensibly and robustly, this standard will improve your security posture and reduce your risks.”

Successfully implement an ISO 27001 ISMS

Learn how to successfully implement an ISO 27001 ISMS on our fully certified, practitioner-led ISO 27001 Certified ISMS Lead Implementer course. Drawing on ISO 27001 experts Alan Calder and Steve Watkins’s industry-leading implementation guide, IT Governance – An International Guide to Data Security and ISO27001/ISO27002, this three-day course covers the nine key steps involved in planning, implementing and maintaining an ISO 27001-compliant ISMS.

Further your career with certified ISO 27001 training delivered by industry experts. Book your place today >>

Book our ISO 27001 Foundation and Lead Implementer Combination Course and save 15%.
