ISO27001:2013 + GDPR

Information Security Management System:
The system helps your company to align information security management with business compliance and risk reduction objectives.
It focuses on the availability, confidentiality and integrity of organizational information, and only on those risks that are relevant to the business and justified financially and commercially through a risk assessment.
ISO27001 is the standard for ISMS (Information Security Management System) and helps identify, manage and reduce the range of risk to which information is regularly subjected.

What does Information Security mean?
Most people think that information security means keeping information secret. While it is true that confidentiality is an important part of information security, it is also about the integrity and availability of information. So it is not simply a matter of keeping confidential the information relating to your staff, your clients and your suppliers, and the information which you see as being commercially sensitive; it is also about making sure that the information you hold is correct, that it has not been mis-recorded or altered, and about making sure that you can actually access the information quickly and easily whenever you need to.
Why is Information Security important?
You have a legal duty to keep information that you hold about people safe. The Processing of Personal Data (Protection of Individuals) Law of 2001 requires it. Similar laws are in place right across Europe. No doubt you will also see it as important that the information that you regard as being secret should not fall into someone else's hands. No doubt your staff, customers and suppliers think so too. If they think you are not taking care of information, they may stop dealing with you.
The integrity of data is important because you cannot get good results from bad data, whether it has been corrupted accidentally or maliciously. There is a well-known saying in the computer world that if you put garbage in, you will get garbage out. Can your organisation work and grow if your information is wrong?
However accurate your data may be, it is quite useless if you cannot access it. We get unhappy when our computers are just slow in retrieving and manipulating data. How will we feel if the computer simply cannot find the data at all or if the CD that we stored important files on has been lost?
How does ISO27001 help?
ISO27001 provides a framework to help you manage your information so that it remains confidential to those who have a right to know, is accurate enough for you to work effectively with it, and remains available whenever you need it. Certification against ISO27001 provides evidence to your customers, your suppliers, your staff and government that you are taking seriously your responsibility for managing the data that you hold. It will also help you to be confident that your confidential information is not known to the wrong people.
What does ISO27001 involve?
Like its predecessor, ISO9001, this standard provides a framework on which you construct your management system. You have to identify those aspects of information technology, including national and European legal requirements, that are relevant to your business, and assess the risks that each of those aspects presents in your case. Logically, you then need to work out what methods you are going to use to control those risks, i.e. to make sure, as far as possible, that the problem does not arise.
On-going checks and reviews are required, just as with ISO9001, to confirm that you are continuing to maintain and improve your control methods and systems.
What ISO27001 is not
ISO27001 is NOT simply a technical fix that can be implemented by even the most talented technician. It provides a management system to help those who are supposed to manage the organisation to do so.
It is NOT a magic wand that you can wave to make problems go away. You have to work at it.
It is NOT A SUBSTITUTE for ISO9001. You need both!

Information is critical to the operation and perhaps even the survival of your organization. Being certified to ISO/IEC 27001 will help you to manage and protect your valuable information assets.

ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls.

This helps you to protect your information assets and gives confidence to any interested parties, especially your customers. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving your ISMS.

Who is it relevant to?
ISO/IEC 27001 is suitable for any organization, large or small, in any sector or part of the world. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors.

ISO/IEC 27001 is also highly effective for organizations which manage information on behalf of others, such as IT outsourcing companies: it can be used to assure customers that their information is being protected.