What Is ISO 2700x?
The impact of current privacy concerns, regulatory requirements and legislative security protection has forced organizations to consider information security management frameworks, such as that of the International Standards Organization (ISO). The ISO 27001 standard was created to manage the development and setting-up of an Information Security Management System (ISMS). In this context, the term information covers information in all its forms, electronic or physical. The ISO 27001:2005 standard specifies the conditions for establishing, implementing, operating, managing, reviewing, maintaining and improving a documented ISMS within the overall context of the organization's business risks. Like ISO 9001 (Quality) and ISO 14001 (Environment), this standard was created to allow organizations to be certified as part of an ongoing improvement process.
Contrary to common belief, certification is granted against ISO 27001, not ISO 27002 (formerly ISO 17799). The certification itself is international: National Accreditation Bodies have a mutual recognition model in place that enables certifications granted in one territory to be recognized in another.
What Is ISO 27001?
The ISO/IEC 27000 series, and more specifically ISO/IEC 27001:2005, is a quality assurance and documentation approach to ensuring that adequate and proportionate security controls protecting information assets are selected and in place. This standard specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It also covers the implementation of customized security controls, compliance and maintenance by:
- Systematically examining and formulating security requirements and objectives, taking account of the threats, vulnerabilities and impacts as they relate to the organization's information security risks
- Designing and implementing a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable
- Adopting an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis
- Ensuring that security risks are managed cost-effectively
The ISO/IEC 27001:2005 standard provides an organization with a security process framework for implementing, managing and evaluating the status of controls to ensure that objectives are met. Praetorian Secure assists organizations with streamlining internal and external auditing to determine the degree of compliance, and provides a quality management approach to security that is sometimes required by vendors, suppliers and clients.
Why Adopt ISO 27001?
The most important reasons to adopt the standard are based on increasing regulation and business risk management factors. Establishing a support service for ISO 27001 compliance allows the business to address its concerns regarding information security and compliance with international requirements, while demonstrating organizational maturity and a genuine objective of continuous improvement. This initiative relieves administrators and lets executive members be confident that information security is managed in accordance with the applicable international standards.
Why Become Certified?
Common reasons to seek certification include: organizational assurance; trading partner assurance; competitive advantage (market leverage); reduction or elimination of trade barriers; reduced regulatory costs; and others.
Whether it is to prepare your organization for an ISO certification or an audit, or simply to better implement the best practices contained in these standards, TBG Security's compliance consultants will guide you through the necessary steps of the implementation.
Our Compliance Services practice delivers a full range of assessment, remediation, implementation, certification and education services to help organizations of all sizes establish and improve compliance. At TBG Security, we take a four-phase, methodical approach to ensuring that your organization meets its security needs today and positions itself to meet the changing landscape of regulatory compliance and threats with minimal impact to its business. TBG Security works closely with customers to help determine whether they are in compliance with the relevant regulations and standards, document that compliance, and improve security best practices. TBG Security's deep experience in information security and compliance requirements allows us to act as a Trusted Security Advisor, providing ongoing support for all your compliance initiatives.
For more information on how TBG Security can help your organization reach compliance, contact our Compliance Practice Manager or call us directly at 877.233.6651 ext 704.