ISO 27001: INFORMATION SECURITY MANAGEMENT SYSTEMS
ISO 27001 is an internationally accepted standard that can help an organisation give confidence to its stakeholders that it has systems in place to keep information safe, accurate and confidential.
As organisations grow and economies link directly to the world, companies feel a more urgent need to protect stakeholders’ information. With Information Technology companies leading the way, ISO 27001 certification is now spreading to other sectors, including voluntary organisations, engineering and electrical, BPOs, service providers and governmental organisations.
Based on the PDCA (Plan, Do, Check, Act) model used as the basis for ISO standards, ISO 27001 lays stress on the initial planning and subsequent monitoring and control of process parameters. Demonstration of an effective ISO 27001 system is based on a comprehensive risk assessment and selection of control objectives and risk treatment measures. By following a step-by-step approach to managing sensitive information and the people who handle it, an organisation stands to gain the confidence of its customers and employees as well as the goodwill of the marketplace.