With worldwide competitive pressure, organisations are trying to reduce costs, speed up the supply chain and improve service. This has encouraged the creation of partnerships and the reduction of duplicate costs within a supply chain. Examples of such duplicated work include re-entering order details and goods-in sampling and inspection.
One way to achieve these aims has been the sharing of commercially sensitive information. However, there is concern about the security of such information once it is passed to other organisations in the supply chain.
To answer this concern, as well as other security issues since “9/11”, ISO 27001 was developed to provide externally assessed checks of data security. Please note that ISO 27001 does not just cover the security of electronic data and therefore should not be considered the concern only of IT or computer specialists.
ISO/IEC 27001:2005 covers all types of organisations (e.g. commercial enterprises, government agencies, not-for-profit organisations). ISO/IEC 27001:2005 specifies the requirements for setting up, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organisation’s overall business risks. It gives the requirements for the implementation of security controls customised to individual organisations or parts thereof.
ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
ISO/IEC 27001:2005 is intended to fulfil several different requirements, including:
Any organisation serious about its information assets. All requirements of this International Standard are generic and are intended to be applicable to all organisations, regardless of type, size and product provided.
Where any requirement(s) of this International Standard cannot be applied due to the nature of an organisation and its product, this can be considered for exclusion.
Now. Get the benefits sooner.
Covers all the information and data which is critical to your Business survival.
Three Format Options for documentation
We emphasise the Business rather than just the Information Security part of ISO 27001.