ISO 27001 is the International Standard that defines the requirements of an Information Security Management System (ISMS). An ISMS is a structured set of policies, procedures and controls for managing the risks to a company's information. It aims to preserve the confidentiality, integrity and availability of corporate information and information processing, to protect the company against cyber-attacks, breaches, information leaks, theft and data loss, and ultimately to support business continuity.
Developing an Information Security Management System requires an assessment of the company's information technology environment (IT system assessment) and a gap analysis of its information systems against the requirements of the standard, together with an analysis of the corrective actions proposed (Diagnostic Study). This includes:
In all of the above, the information security requirements are complemented by the general management principles and requirements common to Management Systems.
The ISO 27001 standard can be applied to any company regardless of its size or type of activity. Implementing ISO 27001 allows a company to obtain the corresponding certification following an audit carried out by an accredited Certification Body. The Information Security Management System can be developed in parallel with, or as a complement to, other Management Systems, forming an integrated Management System covering Quality, Environment, Occupational Safety and Health (OSH), Information Security, etc.
For more information about Management Systems, see the “Information Material” section.