ISO/IEC 27001 / BS 7799 - Information Security Management System

ISO 27001 is the international standard for Information Security Management Systems (ISMS). It provides a model for risk assessment, security design and implementation, and security management. The ISO 27001 standard specifies implementation and management guidelines to help keep your digital and paper information safe.

The security controls exist to protect confidentiality and integrity and to ensure that working practices are in place to safeguard the data and information of 'interested parties'. These include customers, employees, partners (suppliers) and the general public. Organisations that operate without significant controls and protected systems are more vulnerable to fraud, viruses, security breaches and lost data, because critical information can be accessed without their permission.

The standard is particularly popular where information protection is critical, such as in the finance, health, public and IT sectors (especially IT outsourcing companies).

Who needs ISO 27001?

Any organisation that holds sensitive information is a candidate for ISO 27001 certification. In particular, companies in the healthcare, finance, public and IT sectors can benefit greatly from a certified ISMS.