Known throughout the information security industry, ISO 27001 is adored by many IT professionals around the world (yes, they really do worship it – just check out some of the LinkedIn groups). But for those completely new to the Standard, what’s it all about?
Let’s get right to the basics: what exactly is ISO 27001?
ISO 27001 is an internationally recognised standard that organisations can be audited against and certified to, proving their commitment to information security. A copy of the ISO 27001 standard is available to purchase here.
The Standard describes best practice for an information security management system (ISMS) and provides a systematic approach to managing confidential or sensitive corporate information so that it remains secure.
By applying the specification set out in the Standard, organisations can take a holistic approach to information security – managing the confidentiality, integrity and availability of their information assets – that no other standard or framework can provide.
Why would an organisation implement the Standard?
- First and foremost, it keeps confidential information secure.
- Stakeholders are assured that you take information security seriously.
- Recognised worldwide.
- Provides you with a competitive advantage.
- Builds a culture of security – careless employees and ineffective defences will no longer threaten to damage your company by leaking sensitive information.
With over 22,300 organisations ISO 27001-certified worldwide – and 7,950 of those in Europe – the Standard is highly sought-after and is one of the three standards most frequently cited in conditions for doing business in Europe.
Major companies that have certified to the Standard include Google Apps, Amazon Web Services and Microsoft.
Not surprisingly, organisations in the information technology sector have the highest number of certificates (5059), but organisations in critical infrastructure (electricity and water supply) have seen the biggest jump in certification to the Standard year-on-year (+55%).
For a fast, easy-to-read primer on ISO 27001 and information security in general, read An Introduction to Information Security and ISO27001:2013.
Authored by Steve Watkins, who helped manage the world’s first successful implementation of the Standard (then BS 7799), this clear-cut pocket guide explains it in simple terms, designed for individuals who wish to know more about the Standard, or for organisations considering implementing an information security management regime.