ISO 27001 certification in brief
- ISO 27001 formally specifies a management system that is intended to bring information security under explicit management control.
- Being a formal specification means that it mandates specific requirements.
- Organizations that have adopted ISO 27001 are therefore formally audited and certified to be compliant with the standard.
- The standard contains 11 domains like Security Policy, Asset Management, Physical Security, Access control, HR Security to name a few.
( Read more: Top 5 Big Data Vulnerability Classes)
Type of organizations which should adopt ISO 27001
Any Organization which has information assets may want to adopt the standard. There is no such criterion of adoption. If the organization believes that it has information susceptible to vulnerability resulting into a significant risk to business may want to adopt the standard
Key drivers for adoption
A company may want to adopt ISO 27001 for the following reasons:
- It is suitable for protecting critical and sensitive information
- It provides a holistic, risk-based approach to secure information and compliance
- Demonstrates credibility, trust, satisfaction and confidence with stakeholders, partners, citizens and customers
- Demonstrates security status according to internationally accepted criteria
- Creates a market differentiation due to prestige, image and external goodwill
- If a company is certified once, it is accepted globally.
(Watch more : 3 causes of stress which we are unaware of !)
Key benefits of ISO 27001
- It acts as the extension of the current quality system to include security
- It provides an opportunity to identify and manage risks to key information and systems assets
- Provides confidence and assurance to trading partners and clients;
- Allows an independent review and assurance to you on information security practices
- By Niranjan Bal, CISO and PMO, Hindalco Industries Ltd.
More: Want to be an author? Nominations open for co-authors of CISO Handbook
Comments