Here at ISO 27001 Guide, we have a wealth of experience in implementing information security management systems in line with ISO 27001 requirements. While most ISO 27001 websites promote their products, toolkit or policy set to buy, here at ISO 27001 Guide we are a free resource asking some of the most talked-about questions, such as how to define ISMS scope and which Annex A controls are applicable to my organisation.
So, firstly, you may be asking yourself: what is ISO 27001? And how did I end up here? In short, an Information Security Management System can be defined as:
An Information Security Management System is a set of policies and procedures for systematically managing an organisation's sensitive data and assets.
While this sounds simple, in reality it will consist of a myriad of different documented and undocumented processes aligned with organisational policies. The benefit of doing this is that it makes the weakest link in your security chain, the people, aware of their responsibilities. Policies and procedures that govern working practices are shown to reduce the number of security incidents in major companies, and a well-constructed ISMS can manage this process.
So, if that is what an ISMS is, what is ISO 27001? And what does this have to do with anything? In short, ISO 27001 can be defined as:
The International Standard for an Information Security Management System that allows organisations to be certified against its requirements. Certification to ISO 27001 demonstrates that your ISMS is functioning and fit for purpose.
Organisations that can demonstrate they have full alignment with the requirements of ISO 27001 can be certified against the standard. This provides assurance to the organisation's board members, as well as its customers, suppliers and employees, that data is managed in a safe and secure way. The benefits of this are massive, and can improve the organisation's overall image and generate further business and income.
So that is just a short description of what an ISMS is, what ISO 27001 is and how this website can help you to achieve certification. Use the menu buttons above to navigate the site, and don’t forget to interact with us via the forum and the Contact Us page.
Happy ISO’ing!