What is ISO 27001? A quick overview.
An information security management system (ISMS) is a centralised management framework that enables organisations to manage their information security across three domains: people, process and technology.
ISO/IEC 27001 is an externally recognised and widely accepted industry certification assuring the quality of your company’s ISMS. ISO 27001 was jointly produced by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC).
ISO 27001 focuses on risk management and does not require organisations to adhere to specific controls to achieve certification. Rather, it is left to the organisation to implement the controls that are applicable based on the risks to its business. Adopting ISO 27001 helps organisations protect their information using a risk-based approach that is systematic and cost-effective.
What are the benefits of the ISO 27001 process and certification?
- Improves the organisation’s resilience to cyber-attacks by adopting a risk-based approach in protecting assets.
- The information security policies and objectives are aligned with the business strategy, which helps the business achieve its goals by better managing risk.
- Demonstrates commitment from top-level management to information security. This has a positive impact in shaping the security culture of the organisation, resulting in security being adopted in daily work activities.
- Emphasis on continual improvement means that organisations review their security posture on an ongoing basis for adequacy. This is key to addressing changes in business priorities and an evolving threat landscape.
- Helps organisations achieve cost savings by preventing information security breaches and also by avoiding security spend that exceeds the value it provides.
- Ensures all commercial, legal, regulatory and compliance requirements applicable to the organisation are addressed.
- Helps better manage supply chain security by ensuring due diligence is performed during pre-contract and post-contract phases.
- Provides assurance to external customers that information security is being managed effectively and that their data is handled securely. This helps in retaining existing customers and attracting new ones.
- Implementing an ISMS improves the organisation’s credibility with its shareholders and other partner/vendor organisations.
To speak with a CGI cyber security expert about your cyber risk mitigation strategy, or for more information about conducting an ISO 27001 Gap Analysis, please contact us.