What is ISO 27001:2013 standard?
ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements
Organizations handle large volumes of information and data in the course of their business. Many of them receive data from customers, external providers and business associates, and they process this data for internal use and as inputs to their own processes. This information is handled by personnel and involves the use of equipment, infrastructure and other organizational assets. Such data is generally held in electronic form and stored on the organization's own or hired servers. It is constantly under threat from many sources, which may be malicious or accidental and may originate inside or outside the organization.
As the technology for storing, retrieving and transmitting information advances, information security becomes an ever larger problem. It has therefore become essential for organizations to establish a comprehensive Information Security Management System.
An Information Security Management System (ISMS) is a systematic approach to managing an organization's sensitive information so that it remains secure. It encompasses people, processes and IT systems. Information security goes beyond installing the latest firewall or hiring a security agency: for each element to be effective, a comprehensive ISMS needs an overall approach that integrates the different security initiatives. It is essential to establish a policy and to ensure the confidentiality, integrity and availability of corporate and customer information.
The IT industry has come of age in the last two decades and needed an information security management standard at the international level. The British national standard BS 7799-2:2002 was published in 2002 and was widely adopted by industry.
In 2005, ISO published ISO/IEC 27001:2005, an international standard that allows organizations to manage their information security. It is the specification for an Information Security Management System (ISMS): it establishes a system for identifying risks to information security and defines the requirements of an ISMS. This standard replaced BS 7799-2:2002. It has since been revised as ISO/IEC 27001:2013.
An organization needs to plan its ISMS and undertake a review of all potential security breaches, which relate not only to IT systems but extend to all sensitive information within the organization. It must develop a security policy that demonstrates the support and commitment of top management, and develop procedures to support that policy.
These cover a range of areas including asset classification and control, personnel (human resource) security, physical and environmental security, and business continuity management.
In the words of the introduction to the 2005 edition, the standard is intended to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system". It follows a process-driven approach known as PDCA: plan-do-check-act. The 2013 revision no longer names PDCA explicitly but still requires continual improvement, which helps establish and maintain an effective ISMS. ISO/IEC 27001:2013 is applicable to all organizations, regardless of type, size or nature, that need to identify and control risks to their information security.
- Brings the information technology function into the organization's management system.
- Requires an assessment of the risks to data storage, transmission, retrieval and the supporting systems, so that those risks can be evaluated and treated before they lead to a damaging breach.
- Makes the ISMS certifiable by an accredited third-party certification body.
- Helps meet customer requirements and reduces the time customers spend auditing your organization.
- Improves communications and the integrity of data transmission between facilities.
- Provides internationally recognized evidence of information security practice, easing entry into the global market.