ISO 27001
Overview
Organizations need a robust framework to implement their information security management process. ISO27001:2013 is a worldwide accepted standard to help protect information assets. It entails a structured set of policies and procedures to let an organization be secure and gain confidence in their customer's minds.
Some Facts
ISO 27001 expects the management to examine firm's IT security risks, and measure it in terms of threats, vulnerabilities, and business impact. It is also expected that design and implementation of security controls and risk management tools are important for business stability.
All this needs to be achieved by adopting a well defined management process to ensure effectiveness of security controls.ISO 27001 has various benefits
What does ISO 27001 mean?
ISO 27001 is an international standard published by International standard of organization in partnership with International Electrotechnical Commission (IEC). ISO 27001 takes risk based approach and helps organisation treat risks in all areas with the help of 114 controls spread across 14 domains. ISO 27001 aims to protect information security by preserving confidentiality, integrity and availability of it.
What are ISO 27001 requirements?
ISO 27001 is spread across 11 clauses (0 to 10) which are mandatory and 114 controls. The clauses will set a base for the entire ISMS implementation. Clauses represent guidelines and crucial action steps that are important for an organisation to be compliant with ISO 27001.
ISO 27001 adopts risk based approach and expects that an organisation finds out all the critical areas and risks associated with the same. The 114 control divided into 14 domain will help treat the risks.
What is the current ISO 27001 standard?
ISO 27001 is an international standard published by International standard of organization in partnership with International Electrotechnical Commission (IEC). ISO 27001 is designed to protect the information security by adopting risk based approach.
ISO/IEC 27001: 2013 is the current version of ISO 27001 standard being used globally.
What are the 14 domains of ISO 27001?
ISP 27001 follows risk based approach. The standard expects an organisation to identify all the risk pertaining to people, processes, products and assets.
ISO 27001 contains 114 controls which are spread across 14 domains. These controls are listed down in Annex A. Organisation can then apply these controls to the risk areas to treat them.
- Annex A.5 Information Security Policies
- Annex A.6 Organisation of Information Security
- Annex A.7 Human Resource Security
- Annex A.8 Asset Management
- Annex A.9 Access control
- Annex A.10 Cryptography
- Annex A.11 Physical and environmental Security
- Annex A.12 Operations Security
- Annex A.13 Communications Security
- Annex A.14 System Acquisition, development and maintenance
- Annex A.15 Supplier Relationships
- Annex A.16 Information Security Incident Management
- Annex A.17 Information security aspects of business continuity management
- Annex A.18 Compliance.
Is ISO 27001 a legal requirement?
ISO 27001 is not a legal requirement but it will help an organization create a sense of security among its client and customers. Since ISO 27001 is designed to protect information security, being ISO 27001 compliant will automatically mean that the organization is following best standards in the industry to keep all the information secure.
Also, ISO 27001 will help an organization comply with different laws, legal requirements through its implementation.
What is difference between ISO 27001 and ISO 27002?
ISO 27001 is an international standard published by International standard of organization in partnership with International Electrotechnical Commission (IEC). ISO 27001 helps organization find all the risks areas through adoption of risk based approach and help them treat all the risks using 114 controls spread across 14 domains.
Whereas ISO 27002 goes into detail about how to implement those 114 controls from Annex A.
How do you check if a company is ISO 27001 certified?
Here is how you can check if the vendor or organisation is ISO 27001 certified or not.
- Some companies announce about them being certified on their website.
- You can request an organisation to share the certificate with you.
- Check for ISO 27001 version, scope, expiration date, address, certificate number, certification body and accreditation body on the certificate.
Security Compliance
FEATURES
ISO 27001 consultancy features implementation of a world standard framework to achieve robust cyber security policies and procedures.
