What is ISO 27001?
ISO 27001 is an Information Security Management System (ISMS) standard published by the International Organization for Standardization (ISO). It is a formal specification for an ISMS in that it mandates a particular set of controls that must be in place. Organizations that claim to have adopted ISO 27001 can therefore be formally audited and certified as compliant with the standard. This ability to certify the operation of an ISMS is what makes the standard unique and makes it well suited as a form of independent attestation to the design and operation of an information security program.
ISO 27001 certification requires that management:
- Systematically examines the organization’s information security risks, taking account of the threats, vulnerabilities and impacts;
- Designs and implements a coherent and comprehensive suite of information security controls (defined by ISO 27002 (formerly 17799)) and/or other forms of risk treatment to address unacceptable risks; and,
- Adopts an overarching management process to ensure that the information security controls meet the organization’s information security needs on an ongoing basis.
Another benefit of ISO 27001 compliance is that an organization adhering to the 27001 standard can simultaneously satisfy other compliance requirements, including HIPAA, PCI, Sarbanes-Oxley, and identity theft and Personally Identifiable Information (PII) regulations, with minimal additional effort.
If you require more information please call 888-PivotPoint and ask to speak with one of our Practice Area Managers or send us an email.