What is ISO 27001?
ISO/IEC 27001:2013 is the recognised international standard for Information Security Management. In todays world of digital commerce, any business, large or small should ensure that they have an information security procedure in place.
What are the requirements to obtain ISO 27001 certification?
There are several steps that an organisation will need to take for implementation of this cyber security management system. These steps include (but are not limited to):
- Planning – Ask yourself what the standard will do for your business, how will it improve your current way of working? What are the objectives of implementing the standard? Treat this certification as its own project.
- Documentation – Define a security management system roadmap that will help you ensure that this project is progressing correctly. Document requirements for risk assessment and treatment.
- Education – Your business team members should all be on board and aware that this project is taking place, it is not just for the IT department to be involved with.
- Ownership – Document and communicate the roles and responsibilities for all involved in the system.
- Control – To be fully compliant with ISO 27001, a company must list all the controls that are to be implemented as part of the management system. These controls are organised into domains focusing on areas such as: organisational issues, HR, information technology, physical security and legal issues.