What is the ISO 27001 standard?
The formal standard against which organizations may seek independent certification of their Information Security Management Systems (ISMS).
It provides a common base for:
– developing organizational security standards and effective security management practice
– providing confidence in inter-organizational dealings.
ISO 27001 addresses management systems in the area of information security:
– Holistic approach through risk assessment and risk management
– Incorporates best industry practices
– 133 controls from which those to be implemented are selected
– Plan-Do-Check-Act (PDCA) model to achieve continual improvement
Which organizations can undergo ISO 27001 certification?
Any organization that requires protection of its information assets.
Why ISO 27001 certification?
– Satisfying customers' requirements: customers increasingly require their suppliers to possess a comprehensive security management system.
– Provision of security assurance: certification provides assurance to clients that the organization has a robust and reliable security management system.
– Leads to better knowledge of the organization's information systems, their weaknesses, and how to protect them.