Implementing a recognised information security management standard, such as ISO/IEC 27001, gives you a framework for managing the security of your information and for reducing the risk from both internal and external threats.
What is ISO 27001?
ISO 27001 is an information security standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It specifies the requirements for an information security management system (ISMS): a set of policies, processes and controls through which an organisation protects its information assets, such as financial information, employee details, intellectual property and customer data.
The wider ISO/IEC 27000 family of standards describes security techniques, codes of practice and guidance for information security controls and their management. Adopting the standards is voluntary, so companies are not obliged to do so. Many organisations do adopt them, and seek independent certification against ISO 27001, to reassure customers and to demonstrate that they follow recognised good practice; customers and regulators sometimes require it.
ISO 27001 (ISO/IEC 27001:2013), which replaced ISO/IEC 27001:2005, helps businesses align with international best practice while keeping the cost of security proportionate to the risk. (A later edition, ISO/IEC 27001:2022, has since superseded the 2013 edition.) The standard is vendor- and technology-neutral and is applicable to organisations of all sizes, sectors and types.
ISO 27000 family
There are more than a dozen standards within the ISO/IEC 27000 family, including:
- 27000 – overview of the family and the vocabulary it uses
- 27002 – code of practice for information security controls (the controls that 27001's Annex A lists)
- 27003 – guidance on implementing an ISMS
- 27004 – monitoring, measurement, analysis and evaluation: metrics for judging the effectiveness of an ISMS
- 27005 – information security risk management
- 27006 – requirements for the accredited bodies that audit and certify an ISMS
- 27007 – guidelines for auditing an information security management system
ISO 27001 vs PCI DSS
ISO 27001 covers information security across the whole organisation, whereas PCI DSS (Payment Card Industry Data Security Standard) is a narrower, prescriptive standard that applies wherever payment card data is stored, processed or transmitted, not only to online payments. PCI DSS is maintained by the PCI Security Standards Council, which was founded by the major card brands, and compliance is enforced through the contracts merchants and service providers hold with the card schemes and their acquiring banks.
ISO 27001 for GDPR
ISO 27001 is an excellent starting point for companies that need to comply with the EU's GDPR (General Data Protection Regulation). GDPR requires companies to implement appropriate technical and organisational measures to protect the personal data they hold, and to be able to demonstrate that they have done so.
An ISO 27001 ISMS takes a company a substantial part of the way towards GDPR compliance, because it establishes the risk assessment, the technical and operational controls, and the documented evidence that the security measures GDPR calls for are in place, reducing the likelihood and impact of a breach. It does not cover GDPR in full: obligations such as establishing a lawful basis for processing, honouring data subject rights, carrying out data protection impact assessments and notifying breaches within the required timeframe still need to be addressed separately.