The International Standard ISO 27001 (which evolved from the British Standard BS 7799) for Information Security Management has been designed to help organisations of all types and sizes implement simple, relevant practices that secure not only their computer and communications services, but also their offices, their valuable organisational information, and the efficiency and well-being of their staff.
What are the Benefits of ISO 27001?
ISO 27001 was designed for high-pressure, information-driven, information-dependent environments.
ISO 27001 was developed with input from 'real life' organisations including Marks & Spencer, Unilever, Lloyds TSB and Nationwide Building Society, to name just a few. All of these are organisations under commercial pressure: they have to deliver results to shareholders or stakeholders while retaining a high level of security and a motivated workforce. Their input to the original British Standard, and their determination to ensure that it was appropriate and supportive in a high-pressure environment, means that the controls and recommendations actually enhance efficient working practices.
ISO 27001 provides an independent, recognised way of measuring the state of your information security. The standard provides an easy-to-follow framework for measuring and assessing the status of an organisation's information security at any given time: this means you can take snapshots of your progress as you enhance your systems and implement new procedures. ISO 27001 also helps you put in place some of the procedures you are legally required to have.
Employment law is increasing in complexity all the time, and it is a wise employer who documents and covers all eventualities for staff reference and agreement. In addition, other legislation, such as the Data Protection Act, the Computer Misuse Act and the Human Rights Act, presents a veritable minefield for the unwary. ISO 27001 urges implementers to consider and design good information privacy and human resources procedures.
ISO 27001 provides a way of showing partners, suppliers and staff that you are taking information security seriously.
ISO 27001 recommends best practice for all types of information storage, communication and movement. As more and more companies exchange information using technology as the underlying transport system, efficiency grows, but so does the risk. It is likely that, to facilitate secure inter-organisation information exchange in future, sharing agreements will stipulate that partners work in accordance with, or formally comply with, ISO 27001. So ISO 27001 will increasingly become the requirement for secure information exchange between all organisations.
In conclusion, ISO 27001 gives you a best practice management framework for implementing and maintaining sound information security. It also gives you a baseline against which you can either demonstrate compliance or undergo external certification.
ISO 27001 certification communicates to customers and suppliers alike that your organisation is managing and responding to information risk.