Simplify your ISO 27001 compliance worries
IS0 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes
- Information security policies (2 controls): how policies are written and reviewed.
- Organisation of information security (7 controls): the assignment of responsibilities for specific tasks.
- Human resource security (6 controls): ensuring that employees understand their responsibilities prior to employment and once they’ve left or changed roles.
- Asset management (10 controls): identifying information assets and defining appropriate protection responsibilities.
- Access control (14 controls): ensuring that employees can only view information that’s relevant to their job role.
- Cryptography (2 controls): the encryption and key management of sensitive information.
- Physical and environmental security (15 controls): securing the organisation’s premises and equipment.
- Operations security (14 controls): ensuring that information processing facilities are secure.
- Communications security (7 controls): how to protect information in networks.
- System acquisition, development and maintenance (13 controls): ensuring that information security is a central part of the organisation’s systems.
- Supplier relationships (5 controls): the agreements to include in contracts with third parties, and how to measure whether those agreements are being kept.
- Information security incident management (7 controls): how to report disruptions and breaches, and who is responsible for certain activities.
- Information security aspects of business continuity management (4 controls): how to address business disruptions.
- Compliance (8 controls): how to identify the laws and regulations that apply to your organisation.
- Win new business and sharpen your competitive edge Avoid the financial penalties and losses associated with data breaches
- Protect and enhance your reputation
- Comply with business, legal, contractual and regulatory requirements
- mprove structure and focus
- Reduce the need for frequent audits
- Obtain an independent opinion about your security posture