ISO 27001:2005: Information security management systems
Most of us depend more than ever on IT systems, wireless and mobile telephone networks and increasing connectivity in today’s business environment. But companies are challenged with threats to these systems, exposing assets to risk.
However, implementing and managing effective information security provides companies with the means to minimize these risks while maximizing business opportunities and investments. We also face greater government and legislative requirements that add to our business challenges.
ISO 27001:2005 was developed as a common business language to help information security management address the needs of companies from all business sectors.
The standard is published in two parts:
- ISO 27001:2005 Information Security Management
- ISO-17799: Code of Practice for Information Security Management
ISO 27001:2005 certification
An organisation has to comply with the ISO 27001:2005 standard in terms of availability, integrity and confidentiality of company information. This organisation-wide established system helps it to meet security requirements and is called an ISMS. An ISMS is a process that takes a systematic approach to managing sensitive company information in order to keep it secure.
This process involves people, processes and IT systems of an organisation.
Benefits of adoption
Certifying your information security management system with ISO 27001 will bring the following benefits to your organisation:
- Systematic identification of information security risks
- Availability of a business continuity plan in case of a natural or manmade disaster
- Reduction of impact in case of risk occurrence
- Efficient protection of confidential data
- Improved ability to survive such disasters
Certification is a multi-step process. The certification cycle is described briefly:
- Application for certification
- Offer from ASYS
- Offer acceptance from client and order confirmation by ASYS
- Preaudit (optional)
- Certification audit
- Issue of certificate on successful completion of certification audit
- Surveillance audits at defined intervals
- Recertification audit