TLAnews.com

Information for Security Concerned People

What is ISO 27001:2005

3.07.2006

Demonstrate your commitment to information security
Information is a major asset. In business it supports a multitude of processes, from deals to mergers, projects to employee details. A range of information that is usually meant for company use only can easily become public knowledge. Any disruption in the quality, quantity, distribution or relevance of your information systems can put your business at risk of attack from external sources. That’s why you need to actively manage the security of information systems and business-critical information, not just to assure your employees and stakeholders, but also any customers and partners with whom you share that information.

 

Make your information safe and keep it that way
The ISO 27001:2005 Information Security Management Systems (ISMS) certification enables you to demonstrate your commitment to information security and customer satisfaction, and to continuously improve your corporate image. The standard is made of two parts:

  1. ISO 17799: Guidance on implementing ISMS.
  2. ISO 27001: Standard against which ISMS can be certified.

The first step is to define the scope of the ISMS policy. This is critical for identifying the potential dangers you face and for deciding on a systematic approach to assessing these risks. A successful ISMS includes standard steps for implementation, operation, review, maintenance and improvement of the system.

The ISO 27001:2005 standard effectively covers twelve sections:

  • security policy
  • organisation of information security
  • asset management
  • human resources security
  • physical and environmental security
  • communications and operations
  • management
  • access control
  • information systems acquisition, development and maintenance
  • information security incident management
  • business continuity management
  • compliance

To start with, an assessment is made of how your ISMS has been implemented, to identify the gaps against the standard's requirements. After the gaps have been filled, the initial audit follows. From the audit, you will receive a report that outlines the key measures needed to receive positive certification. Once no major corrective action is required, you’ll obtain direct certification. Annual compliance audits will follow and the certificate will be renewed every three years as long as systems are maintained.

The benefits of ISO 27001:2005
The reputation of ISO and certification against the internationally recognised ISO 27001:2005 enhance any company’s credibility. Certification clearly demonstrates the validity of your information and a real commitment to upholding information security. The setup and certification of an ISMS can also transform your corporate culture both internally and externally, opening up new business opportunities with security-conscious customers and clients, in addition to improving employee ethics and the notion of confidentiality throughout the workplace. What’s more, it allows you to enforce information security and reduce the possible risk of fraud, information loss and disclosure.

Organisations certified to BS 7799 will be transitioned to ISO 27001. According to the January 2006 UKAS Transition Statement, companies certified to BS 7799-2:2002 will be given until July 2007 to make the transition.

 


 

Author information.
Copyright © [Telecom and Logistics Associates Sàrl]. All rights reserved.
Revised: July 03, 2006.

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the facts of the particular situation.

   
 
 
 
 
 
 
 
  
 Christian ALT  
      
   
 
 
Summary in French
An excellent article that we recommend to you.