The standard provides a set of best management practices for protecting information residing in an organization, whether the information belongs to the organization itself or to its clients. Although the standard is commonly associated with the Information Technology sector, it applies to any business or non-profit organization that understands the sensitivity of its information.

Information is currently considered to be the most important asset of an organization; it may include:

  • Communication and correspondence with clients
  • Details of agreements with third parties
  • Personnel bio-data
  • Classified documents relating to an organization’s products / services
  • Complaint records
  • Network and security architecture designs
  • Access control protocols (both physical and logical)

and any other type of information whose disclosure to unauthorized parties can affect an organization in an unexpected manner.

Benefits:

Unlike most ISO standards, this standard does not only set out basic requirements, but also provides:

  • Extensive control objectives / controls
  • Implementation guidelines

to ensure that all related areas are effectively covered.

By achieving certification to ISO 27001 from DCS, your organisation will be able to reap numerous and consistent benefits.
Contact us to carry out the full certification process, or a gap assessment against the ISO 27001 ISMS standard to identify your organization’s preparedness.


FAQ

What is achieved by implementing ISO 27001?

Implementation of ISO 27001 reduces risks related to confidentiality, availability, and integrity of information in an organization. It also helps the organization to achieve conformity with legislation regulating protection of confidential information, protection of information systems, personal data protection, etc., which are already in place in most countries. Finally, implementation of the standard should reduce business costs due to fewer incidents, and improve marketing because of the publicity that can be gained with the standard.

Which areas are assessed for the certification in accordance with ISO 27001?

  • Information security guidelines
  • Staff security
  • Asset management
  • Physical and environment-related security
  • Access control
  • Cryptography
  • Operational security
  • Communication security
  • Purchase, development and maintenance of systems
  • Supplier relationships
  • Handling of information security incidents
  • Information security aspects of business continuity management
  • Compliance

What are some of the operational and competitive advantages of certification?

From an operational perspective, one of the biggest benefits is that ISO/IEC 27001 focuses on compliance with a management system that has the ability to influence all areas of an organization. It is a much more productive way of managing security because it calls for being proactive and risk-focused, and it is also more people-centric than simply following control checklists.

What are the aims of ISO 27001?

The aim of ISO 27001 is a consistent and centrally controlled management system for protecting information. In addition, threats to all business processes are reduced by effective monitoring and control of IT security risks.

How can organizations achieve information security?

Organizations are required to equip their networks according to minimum standards. In addition, technical and organizational measures need to be in place to ensure the availability, integrity, authenticity and confidentiality of data. Hacker attacks must be reported immediately.

Are IT security and information security one and the same thing?

No. IT security is part of information security. IT security includes, for example, backup procedures or the use of a firewall, whereas information security also includes the definition of security roles and responsibilities, operating procedures, training and awareness, legal relations with employees and suppliers, physical security, etc. IT security is usually 50% of information security.