Information Security & Compliance (ISO 27001)

Before you read any further, if your organization does NOT have security controls mandated by client, regulatory, or legal requirements, then a comprehensive ISO 27001 information security management system is not necessary. BUT information security should still be a top priority for every organization, and we can help you take the necessary security steps to protect your company at very affordable rates. Click here to learn more and receive a free organization security evaluation.
About ISO 27001
ISO/IEC 27001:2005 (ISO 27001 for short) is part of the ISO/IEC 27000 international family of standards. It is an Information Security Management System (ISMS) standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO 27001 is a certifiable standard that formally specifies an ISMS; to achieve and keep certification, the ISMS is regularly reviewed and audited both internally and externally. The standard mandates specific requirements for establishing management controls, operational policies, and accepted information security risks, and for implementing, maintaining, monitoring, reviewing/auditing, responding to non-compliance with, and improving the organization's ISMS.
The key objective of ISO 27001 is to ensure the confidentiality, integrity, and availability of critical data assets. An ISMS benefits your organization by building customer confidence, supporting compliance with regulation, addressing internal and external security risks, and improving internal effectiveness. ISO 27001 certification makes sense for your organization when information security compliance is mandated by client, regulatory, or legal requirements.
ISO 27001 key areas of coverage
- Risk assessment
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development and maintenance
- Information security incident management
- Business continuity management
About ISO 27002
ISO 27002 does not lead to a formal certification the way ISO 27001 does, but it provides best-practice recommendations for information security management policies, allowing your organization to establish and maintain a comprehensive information security management program or to improve your current information security practices. Since there is no certification requirement with ISO 27002, your organization does not have to implement every recommended security control. ISO 27002 makes sense for your organization if you are looking to improve your overall information security management system, address targeted security risks within your company, or build a foundation for achieving ISO 27001 certification.
Benefits of ISO 27001 for your organization
- Establishes a formal information security framework for implementing security controls and objectives
- Ensures compliance with client, regulatory, and legal requirements
- Allows you to provide relevant security policies and pass security audits required by prospective clients
- Identifies and improves current security processes
- Establishes acceptable business risks for relevant security controls
- Reduces the cost and impact of security breaches that do occur, and ensures each incident is properly managed
- Provides for independent certification by a third-party organization
How we can help your organization
- Initial consultation to evaluate the current state of your information security programs against the best practices defined by ISO 27001
- Assessment of your current information security risks across the ISO control areas
- Evaluation of your network and physical architecture
- Development of written security policies/controls, ISO auditing procedures, and policy improvements
- Adoption of ISO 27002 best practices where security improvements are wanted but certification is not required
- Support in obtaining ISO 27001 third-party certification
Contact us today to learn more about our ISO 27001/27002 services.