The ISO 27001 standard for Information Security Management
The ISO 27001 standard for Information Security Management is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
Security breaches may cause reputation loss, financial loss, loss of intellectual property, legislative breaches leading to legal action, loss of customer confidence, business interruption costs, loss of goodwill, etc. The standard includes 11 domain areas and 133 controls, which provide management direction and a support framework for implementation.
Benefits of implementing ISO 27001
- Identification & protection of information from a range of threats, by proper risk management and assessment.
- Ensures business continuity and minimizes financial loss.
- Security of all the information assets through implementation of asset management & physical & environmental security controls.
- Optimizes return on investments and increases business opportunities by improved effectiveness of Information Security management.
- Ensures controlled access to information & information processing facilities, with security built into the systems, through proper access control.
- Reduces risk of human error, theft, fraud, etc. through compliance with human resource security controls.
- Certification provides confidence to customers, trading partners, stakeholders, etc.
- Ensures information security events and weaknesses associated with the information systems are communicated and handled appropriately through proper security incident management control.
- Compliance with mandates and laws (e.g., Data Protection Act, Communications Protection Act).