ABOUT THE STANDARD
An information security management system (ISMS) is part of the organization's overall system, designed according to the requirements of the ISO/IEC 27001 standard. It aims to establish, implement, operate, monitor, review, maintain and improve information security, taking into account all security risks to the organization’s business.
ISO/IEC 27001 covers the following areas:
- risk analysis and risk management;
- security policy;
- organization security;
- property classification and management;
- security policy in human resource management;
- physical and information security of property and environment of organization;
- communications and operations management;
- access control;
- development and maintenance of ISMS;
- incident management;
- business continuity management through improvements;
- compliance with legal regulations.
This standard was created in response to the need for internationally accepted norms that define the framework for building a comprehensive protection system and the objectives of its operation, so that information security can be managed effectively and efficiently. The standard defines four main areas of an information protection system, each with its own requirements:
- information security management system
- management responsibility
- management assessment
- improving the information security management system.
BENEFITS OF CERTIFICATION
Advantages of ISO 27001 implementation and certification:
- just-in-time effect – right information, in the right place, at the right time;
- protection and preservation of company know-how;
- increased effectiveness and efficiency of the information system;
- increased business credibility and trust among clients and partners;
- breakthrough into the demanding international market;
- possibility of long-term interest-based connections with other companies;
- time savings from rationalizing the amount and content of information;
- optimization of resources needed to distribute and store information;
- early identification of vulnerabilities, threats and potential negative impacts on business;
- reduction of the risk of hiring people who could harm the organization;
- achieving the synergy effect of teamwork;
- compliance with the legal regulations;
- accessibility to clients through e-business;
- faster information flow between employees;
- creating conditions for delegating responsibilities;
- reduction of misunderstandings among employees due to “crossover of information”;
- international verification of your good business practice.