What is ISO 27001?
ISO/IEC 27001 is an international standard on how to manage information security. The standard was originally published jointly by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC) in 2005 and then revised in 2013. Both are leading international organisations that develop international standards.
ISO/IEC 27001 is a specification for an Information Security Management System (ISMS), providing a framework to help organisations, of any size or any industry, protect their information in a systematic and cost-effective way,
This framework of policies and procedures includes all legal, physical, and technical controls involved in an organisation's information risk management processes - a systematic approach to managing sensitive company information so that it remains secure.
Why is ISO 27001 so important?
It is important to have an effective ISMS to provide appropriate level protection to both an organisation’s information assets, and those entrusted to the Organisation by their customers, and to avoid avoidable incidents.
The business benefits from ISO 27001 certification are considerable. Not only do the standards help ensure that a business’ security risks are managed cost-effectively, but the adherence to the recognised standards sends a valuable and important message to customers and business partners: this business does things the correct way.
ISO 27001 is invaluable for monitoring, reviewing, maintaining, and improving a company’s information security management system.
Why you should be interested…
With reports of cyber-attacks and data breaches on the rise, ISO 27001 is an important cyber security certification.
According to a recent report by IBM and the Ponemon Institute, the cost of a data breach in 2021 is USD 4.24 million - a 10% rise from 2020 findings.
Many organisations, regardless of size and industry, want to preserve and maintain access to important historic documents or data. Often at the heart of cyber breach incidents, and because decommissioning is not usually an option, these IT systems pose a significant risk to organisations.
As these IT systems age, not only are they are unable to accommodate today's security best practices, such as multi-factor authentication, single-sign on and role-based access, but the security risks also increase as they may lack sufficient audit trails or encryption methods.
ISO 27001 is about information and managing the risks and threats that can affect its confidentiality, integrity, and availability.
Adhering to ISO27001 regulations is the best way to ensure data protection, privacy, and effective IT governance. A global standard for managing the security of information assets and mitigating risk, ISO 27001 provides a methodology to help manage information security risks.
I’ve heard of ISO 9001, so what’s the difference…
ISO 9001 is an internationally recognised Quality Management System. A Quality Management System (QMS) is a set of policies, processes and products required for planning and execution (production/development/service) in the core business area of an organisation. (i.e., areas that can impact the organisation's ability to meet customer requirements.)
ISO 9001 is a standard that sets out the requirements for a Quality Management System. It helps businesses and organisations to be more efficient and improve customer satisfaction.
ISO 9001 builds on seven quality management principles. These ensure an organisation or business is set up to consistently create value for its customers.
The adoption of a QMS is a strategic decision for an organisation that can help to improve its overall performance and provide a sound basis for sustainable development initiatives.
ISO 9001 focuses on improved quality and service, resulting in fewer non-compliant products and therefore complaints.
ISO 27001 focuses on improved security and governance, resulting in fewer security incidents and therefore issues.
What does it mean to be certified…
“The OLM Group, which Nalanda Technology is part of, has implemented ISO 9001:2015 (Quality Management System) and ISO 27001:2013 (Information Security Management Systems) standards as a single integrated Business Management System (BMS).
Meeting certification for both ISO 9001 and ISO 27001 ensures we have the tools not only for monitoring our business performance, but also for implementing continual improvement processes and ensuring the fulfilment of our commercial, contractual and legal responsibilities.”
Nalanda Technology’s recently renewed ISO 9001 and 27001 certifications not only reinforces our commitment to how seriously we, as a company, take information security, but also provides the companies and organisations we work with, complete peace of mind knowing their valuable data is safe and secure.
Protecting data that is crucial to a business is paramount for us and provides confidence to our stakeholders and customers that we have the processes in place to effectively manage and meet our compliance requirements."
David Rivett - Founder & COO, Nalanda Technology