ISO/IEC 27001 - Information Security Management System
An ISO/IEC 27001 certificate demonstrates your commitment to proactively managing and protecting your information and assets, and to complying with legal and regulatory requirements.
What is the ISO/IEC 27001 standard?
The ISO/IEC 27001 standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organisation’s information security management system.
ISO/IEC 27001 is published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It was first published in 2005 as the replacement for BS 7799-2.
In addition, and building on the ISO/IEC 27001 requirements, ISO/IEC 27701 specifies requirements and guidance for a privacy information management system (PIMS) and helps organisations manage privacy risks related to personally identifiable information (PII). It can also support compliance with the GDPR and other data protection regulations. Because ISO/IEC 27701 extends an ISMS, the two standards can be certified in combination.
Alignment with other management system standards
ISO/IEC 27001 is aligned with other management system standards, which supports consistent and integrated implementation and operation alongside related management systems.
Features of ISO/IEC 27001:
- ISO/IEC 27001 follows the harmonized high-level structure shared with other ISO management system standards, such as ISO 9001 and ISO 14001.
- ISO/IEC 27001 puts emphasis on continual improvement of your information security management system.
- ISO/IEC 27001 clarifies the requirements for documented information (documentation and records).
- ISO/IEC 27001 requires risk assessment and risk treatment processes, following the Plan, Do, Check, Act (PDCA) cycle.
Protecting your assets
The standard takes a comprehensive approach to information security. Assets that need protection range from digital information, paper documents, and physical assets (computers and networks) to the knowledge of individual employees. The issues you have to address range from staff competence development to technical controls against computer fraud.
ISO/IEC 27001 will help you protect your information in terms of the following three properties, often referred to as the CIA triad:
- Confidentiality ensures that information is accessible only to those authorized to have access.
- Integrity safeguards the accuracy and completeness of information and processing methods.
- Availability ensures that authorized users have access to information and associated assets when required.
How can we help you?
For third-party certification, you need to implement an effective information security management system that complies with the requirements of the standard. DNV GL - Business Assurance is an accredited third-party certification body. We provide relevant training and certification services. See how you can get started on the road to certification.