ISO 27001 Audit

ISO 27001 is a specification for the management of Information Security. It is applicable to all sectors of industry and commerce and not confined to information held on computers. It addresses the security of information in whatever form it is held.

The information may be printed or written on paper, stored electronically, transmitted by post or email, shown on films, or spoken in conversation. Whatever form the information takes, or means by which it is shared or stored, ISO 27001 helps an organization ensure it is always appropriately protected.

Information security can be characterized as the preservation of:

  • Confidentiality – ensuring that access to information is appropriately authorized
  • Integrity – safeguarding the accuracy and completeness of information and processing methods
  • Availability – ensuring that authorized users have access to information when they need it
Information is the key to success and growth for an organization. You do not want this happening to you…
  1. 15,000 hospital records found in a waste bin
  2. 30,000 passwords to Internet accounts published on the Internet
  3. 25 people from the development department moved to a competitor
  4. Banks pay millions to blackmailing crackers
  5. 300,000 account numbers stolen – some published on the WEB

ISO 2700:2005 proposes measures for an efficient information security management framework. ISO 27001 helps an organization establish an information security management system (ISMS) and thus prepare for the audit.

ISO 27001 contains a number of control objectives and controls. These include:

  1. Information Security policy
  2. Organizational security
  3. Asset classification and control
  4. Personnel security
  5. Physical and environmental security
  6. Communications and operations management
  7. Access control
  8. System development and maintenance
  9. Security incident management
  10. Business continuity management
  11. Compliance

Our Approach

Our approach involves the following steps:

ISO 27001 Audit

ISO 27001 Audit

Benefits of ISO 27001 Certification

Obtaining a certificate from a third party certification body demonstrates that you have addressed, implemented and controlled the security of your information. But the benefits don’t stop there. Certification also:

  • Comforts customers, employees, trading partners and stakeholders – in the knowledge that your management information and systems are secure.
  • Demonstrates credibility and trust.
  • Can lead to cost savings. Even a single information security breach can involve significant costs.
  • Establishes that relevant laws and regulations are being met.
  • Ensures that a commitment to Information Security exists at all levels throughout an organization.

Related Content:

  1. Information Security Audit For A BPO And Knowledge Management Company

Tags: , , ,

Trackback from your site.

Facebook Fan Club