Is ISO 27001 Right for (Y)our Organization?
A Free On-Demand Webinar On ISO 27001
What You Will Learn
ISO 27001 is an Information Security Management Systems (ISMS) standard that is promulgated by the International Organization for Standardization (ISO). It is a formal specification for an ISMS in that it mandates a particular set of controls that need to be in place.
Therefore, organizations that claim to have adopted 27001 can be formally audited and certified compliant with the standard. It is this ability to certify the operation of an ISMS that makes 27001 unique and makes it ideal to be used as a form of independent attestation to the design and operation of an Information Security program.
ISO 27001 requires that management:
- Systematically examines the organization’s information security risks, taking account of the threats, vulnerabilities and impacts;
- Designs and implements a coherent and comprehensive suite of information security controls (defined by ISO 27002 (formerly 17799)) and/or other forms of risk treatment to address unacceptable risks; and,
- Adopts an overarching management process to ensure that the information security controls meet the organization’s information security needs on an ongoing basis.
- Another benefit to 27001 is that an organization adhering to the 27001 standard can also simultaneously fulfill other compliance requirements including HIPAA, PCS, Sarbanes Oxley, and Identity Theft/Personally Identifiable Information regulations with minimal additional effort.
“The webinar was really informative and put implementation on a different perspective than we have seen.”