Charter 4: ISO 27001: Standard

ISO 27001: 2005 INFORMATION SECURITY MANAGEMENT SYSTEM

What is ISO 27001?

Under worldwide competitive pressure, organisations are trying to reduce costs, speed up the supply chain and improve service. This has encouraged the creation of partnerships and the reduction of duplicate costs within a supply chain. Examples of such duplicated costs include re-entering order details and goods-in sampling and inspection.

One way to achieve these aims has been the sharing of commercially sensitive information. However, there is concern about the security of such information once it is passed to other organisations in the supply chain.

To answer this concern, as well as other security issues since “9/11”, ISO 27001 was developed to provide externally assessed checks of data security. Please note that ISO 27001 does not just cover the security of electronic data and therefore should not be considered of concern only to IT or computer specialists.

ISO/IEC 27001:2005 covers all types of organisations (e.g. commercial enterprises, government agencies, not-for-profit organisations). ISO/IEC 27001:2005 specifies the requirements for setting up, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organisation's overall business risks. It gives the requirements for the implementation of security controls customised to individual organisations or parts thereof.

ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.

ISO/IEC 27001:2005 is intended to fulfil several different requirements, including:

  • use within organisations to determine security requirements and objectives;
  • use within organisations as a method of ensuring security risks are managed cost effectively;
  • use within organisations to check legal and regulatory compliance;
  • use within organisations as a framework for the setting up and managing the controls that ensure the organisation’s specific security objectives are complied with;
  • defining new information security (IS) management processes;
  • identifying and clarifying the existing IS management processes;
  • use by the management to check the condition of IS management activities;
  • use by both internal and external auditors to identify the amount of compliance to the organisation’s information security management system;
  • use by organisations to give relevant information about IS to trading partners and other organisations for operational or commercial reasons;
  • implementing business-enabling information security;
  • use by organisations to give relevant information about IS to customers.

Note

  1. ISO 27001 is not just about IT and computer systems but about all important information within the organisation.
  2. ISO 27001 is about managing risk relating to information assets and taking the appropriate action, whether training or controls. It is about the balance of Availability, Integrity and Confidentiality. It is not therefore about the ultimate control and protection of information.

Who needs it?

Any organisation serious about its information assets. All requirements of this International Standard are generic and are intended to be applicable to all organisations, regardless of type, size and product provided.
Where any requirement(s) of this International Standard cannot be applied due to the nature of an organisation and its product, this can be considered for exclusion.

When?

Now. Get the benefits sooner.

Why ISO 27001?

  1. Improve Efficiency and Effectiveness
  2. Required by Customer or Supplier or for Regulatory compliance

Where?

Covers all the information and data which is critical to your Business survival.

How?

Three Format Options for documentation

  1. Text – the traditional approach but limits the opportunity for Business Improvement
  2. Process Diagrams – assist with a clearer understanding of processes and process interaction, but are often cumbersome to keep up to date, to interlink electronically and to link to responsibilities
  3. Integrated Business Model – Opportunity for Business Improvement

Why use the Hosted Business?

We emphasise the Business rather than just the Information Security part of ISO 27001.

Copyright © 2008 - Charter 4 Business Solutions - All Rights Reserved