ISO

Implementing a recognised information security management standard, such as ISO 27001 provides you with a framework to manage the security of your information and minimise both internal and external threats.

What is ISO?

ISO 27001 is an information security standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO standards have been created to help organisations manage the security of their information security processes, financial information, employee details, intellectual property, and other information assets.

The ISO 27000 family of standards describes security techniques and codes of practice for information security controls and information technology. ISO standards are not mandatory, so companies are not required to adopt them. However, many organisations choose to do so to reassure customers and to demonstrate that they follow best practice.

ISO 27001 (ISO/IEC 27001:2013), formerly ISO/IEC 27001:2005, helps businesses stay in line with international best practice while also optimising costs. The standard is vendor- and technology-neutral and is applicable to companies of any size, nature, and type.

ISO 27000 family

There are more than a dozen standards within the 27000 family, including:

  • 27003 – implementation guidance
  • 27004 – ISMS standards that suggest metrics to improve the effectiveness of an ISMS
  • 27005 – an ISMS risk management standard
  • 27006 – a certification and registration guide of processes for accredited ISMS registration and certification bodies
  • 27007 – information security management system auditing guideline

What our clients think

From my point of view, the most impressive thing about OmniCyber is the feedback I get from others after having introduced them to Omni. One example of those comments: "the best penetration testers I have worked with, as they work with you, not just on your system."

Client testimonial

When you take into account their competitive rates and flexible, easy-going people, Omni is a joy to work alongside. So much so that we have made them our penetration testing partner, and they now deliver a managed service for us.

Client testimonial

ISO 27001 vs PCI DSS

ISO 27001 focuses on information security more broadly, while PCI DSS (Payment Card Industry Data Security Standard) focuses on the security surrounding online payments. PCI DSS is governed by a consortium of credit card companies, who ensure that online transactions are protected.

ISO 27001 for GDPR

ISO 27001 is an excellent starting point for companies that need to achieve compliance with the EU's GDPR (General Data Protection Regulation). GDPR states that companies must adopt appropriate procedures, policies, and processes to protect the personal data that they hold.

The ISO 27001 framework will get a company halfway to complying with GDPR, because achieving certification requires the company to meet the operational and technical requirements that reduce the risk of security breaches.

FREQUENTLY ASKED QUESTIONS

Browse our frequently asked questions or Contact us if you have any further enquiries.

You can download ISO 27001 as a preview from the official ISO website.

You can buy ISO 27001 from the official ISO Store.

An audit is a vital step in becoming ISO 27001 certified: it tests your ISMS to highlight any areas that need attention and to improve the processes within your company.

The certification supports compliance with other laws such as the Network and Information Systems Regulations (NIS) and the EU’s General Data Protection Regulation (GDPR).

The SoA (Statement of Applicability) is a mandatory document that must be created as part of the ISO 27001 risk assessment. The Statement of Applicability is vital for obtaining an ISO 27001 risk assessment and ISMS certificate.

Annex A is a series of controls that can be used to tackle the security threats identified during the ISO 27001 process. There are 114 controls in total, split into control sets. The control sets cover information security policies, organisation of information security, human resource security, asset management, access control, and cryptography. They also cover physical and environmental security, operations security, communications security, system acquisition, development and maintenance, supplier relationships, information security incident management, information security aspects of business continuity management, and compliance.

An ISO 27001 accreditation signals to other businesses that information security is being taken seriously. It also demonstrates that the accredited business is committed to continuously upholding those standards in the future.

The cost of attaining ISO 27001 certification is relatively low compared to the cost of a data breach. However, the cost of certification depends on the size and complexity of your organisation.

All companies that have attained the standard hold an ISO 27001 certificate. Any company that has achieved certification should be happy to supply a copy of it on request.