ISO 27001:2005 some simple facts
ISO 27001:2005 is the international standard for a company to manage its information security. It sets out how a company should address the requirements of confidentiality, integrity and availability of its information assets and incorporate this into an Information Security Management System (ISMS). There are currently two main drivers of growth: the public sector and the financial sector.
- ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organisation's overall business risks.
- Certification to ISO/IEC 27001 is a powerful demonstration of an organisation’s commitment to managing information security.
- Increasingly, organisations will want to know how safe a supplier's IT systems are. Indeed, more companies now see certification to ISO/IEC 27001 as a prerequisite for doing business.
- Attaining the standard makes a public statement of capability without revealing security processes or opening systems to second-party audits.
- The standard ensures controls are in place to reduce the risk of security threats and to avoid system weaknesses being exploited. It will also help an organisation to develop a business continuity plan that will minimise the impact of any security breaches.
- Unprotected systems are vulnerable to computer-assisted fraud, sabotage and viruses. Breaches in information security can allow vital information to be accessed, stolen, corrupted or lost. An organisation needs to be confident that it has the appropriate controls and procedures in place to avoid such incidents.
- ISO/IEC 27001:2005 covers all types of organisations, such as small businesses, commercial enterprises, government agencies and not-for-profit organisations.
- The standard provides a process whereby existing and potential legislation that applies to the organisation is identified. ISO/IEC 27001 has been recommended by the UK Data Protection Commissioner as one way in which organisations can demonstrate that they meet the requirements of the standard.
- Organisations can use the standard to provide relevant information about information security to customers.
- An effective ISMS will identify and clarify existing information security management processes and incorporate them into the procedures.
- An information security system to ISO/IEC 27001 will help to make staff aware of their individual duties in protecting the organisation's sensitive data.
Courtesy of IMSM Ltd