BS7799 / ISO17799 / ISO 2700x

Information is critical to the operation and, in extreme cases, to the survival of your organization. Using an Information Security Management System (ISMS) and certifying it against the best practice standard, ISO/IEC 27001, will help you to manage and protect your information assets. ISO/IEC 27001 is based on, and replaces, the internationally recognized British Standard BS 7799, and it aligns with other international standards, including ISO/IEC 17799. ISO/IEC 27001 defines the requirements for an ISMS. The standard is designed to ensure that you select adequate and proportionate security controls which help you to protect information assets and to give confidence to interested parties, including your customers. ISO/IEC 27001 is not an IT-only standard; information is an organizational asset. The standard has no technology requirements, although there are IT-related controls, as the majority of information is held on your IT systems.

Who is it for?
ISO/IEC 27001 is suitable for any organization, large or small, in any sector or part of the world. The standard is particularly suitable where the protection of information is important to your organization. ISO/IEC 27001 is also highly effective if you manage information on behalf of others. For example, if you are an IT outsourcing organization, the standard can be used to assure your customers that their information is being properly controlled and protected.

BENEFITS
A common framework
Provides a common framework enabling you to develop, implement, and effectively measure information security management practices.

A risk-based approach
Provides a risk-based approach to help plan and implement an ISMS resulting in an appropriate and affordable level of organizational security.

Structured and proactive
Provides a structured and proactive approach to establishing an ISMS.

Asset protection
Ensures the right people, processes, procedures and technologies are in place to protect information assets.

Independent assurance of controls
Demonstrates independent assurance of your internal controls, therefore meeting corporate governance and business continuity requirements.

Information protection
Protects information in terms of confidentiality, integrity and availability.

Independent demonstration
Independently demonstrates that applicable laws and regulations are observed.

A competitive edge
Provides a competitive edge by meeting contractual requirements and demonstrating to your customers that the security of their information is paramount.

Independent verification
Independently verifies that your risks are properly identified, assessed and managed, while formalizing information security processes, procedures and documentation.

Facilitates continuous improvement
The regular assessment process helps you continually monitor and improve your ISMS.

Copyright © 2008 DriesBessels.com. All Rights Reserved.