ISO27001:2017 is the standard for Information Security Management
ISO27001:2017 is the international standard for Information Security Management. It is part of the ISO 27000 family of standards, which helps organisations keep their information assets secure. Adopted by thousands of organisations across the world, it puts in place a systematic approach to managing sensitive organisational information so that it remains confidential, accurate and available. It is a broad standard covering process, personnel, physical and technical security.
There are three key elements to note about the standard:
- Its requirements are generic, so it applies to all organisations regardless of size, type or nature. You tailor it to the exact needs of your organisation through the information security controls you select, on the basis of a risk assessment, to implement within your Information Security Management System (ISMS).
- It takes a flexible, risk-driven approach.
- It is dynamic. It focuses on continual improvement and helps the organisation keep ahead of changes both within and outside the organisation.
There are a number of clear business benefits in adopting ISO 27001, either as best practice or by formally certifying against it:
- Improves enterprise security
- Provides an independent, unbiased measure of the organisation's actual information security state
- Increases customer confidence
- Reduces the burden of customer and supply chain audits
- Provides market differentiation
- Improves legislative and regulatory compliance