ISO 27001 – Achieve ISO Certification with IT Governance eBooks, Toolkits and Pocket Guides
ISO/IEC 27001:2005 is an international standard for information security management systems (ISMS). This standard, which is closely allied to ISO/IEC 17799:2005 (also known as ISO 27002), helps organisations meet all their information-related regulatory compliance objectives, and helps them prepare and position themselves for new and emerging regulations.
ISO/IEC 27001 provides the specification for an ISMS, and the related code of practice – ISO/IEC 17799 – contains the controls and implementation guidance necessary to implement ISO 27001. It draws on the knowledge of a group of experienced information security practitioners in a wide range of significant organisations across more than 40 countries to set out best practice in information security.
Information is crucial in today’s organisations and, therefore, ensuring that information is simultaneously protected and available to those who need it is essential to national and international business operations. Unfortunately, information systems are not usually designed from the outset to be secure. Therefore, management systems and procedural controls constitute essential elements of any secure information system and, to be effective, need careful planning and attention to detail.
Information security and an ISO 27001 white paper
If you are new to information security and the ISO 27001 certificate, provide us with your details below and we will send you a free ITG ISO 27001 and information security white paper.
ISO standards
The ISO 27000 standards are part of a family of standards across a variety of subjects. ISO itself is a network of the national standards institutes of 162 countries (in India this institute is QCI).
ISO (short for International Organisation for Standards) has developed over 18,500 international standards on a variety of subjects, and some 1100 new ISO standards are published every year. The main purposes of the standards are:
- Making the development, manufacturing and supplying of products and services more efficient, safer and cleaner
- Facilitating trade between countries and making it fairer
- Providing governments with a technical base for health, safety and environmental legislation, and conformity assessment
- Sharing technological advances and good management practices
- Disseminating innovation
- Safeguarding consumers, and users in general, of products and services
- Making life simpler by providing solutions to common problems.
ISO/IEC 27001:2005 incorporates the process-based approach of the management system standards for ISO 9001:2000 and ISO 14001:2004, including the Plan-Do-Check-Act (PDCA) cycle which enables continuous improvement.
Organisations which plan to have their ISMS certified as complying with the requirements of ISO/IEC 27001:2005 can do so by contacting QCI’s accredited certifying companies which will carry out all the essential audits and award certification.
ISO 27001 in India: Government regulations
ISO certification is not only a corporate issue. It is now becoming a government issue in the majority of countries around the world, too.
In India, in April 2011, the Government released a new announcement on privacy data law which relates to any company that collects information within the country. The proposed regulations will have a major impact on global enterprises doing business with Indian outsourcers. State regulations in India require companies to ensure private data stays private.
When outsourcing aspects of IT that touch data stores, companies need to be extra careful that the service providers they engage follow these new rules of the law, and the exact policies of their shareholders and/or management. Not complying with this new Act can create disruption and result in fines, damaged reputation and even loss of revenue.
Organisations must follow new regulations stated in the Indian ITA (Information Technology Act), which include:
• ISO 27001 compliance
“The body corporate or a person on its behalf who have implemented either IS/ISO/IEC 27001 standard or the codes of best practices for data protection as approved and notified under sub-rule (3) shall be deemed to have complied with reasonable security practices and procedures provided that such standard or the codes of best practices have been certified or audited on a regular basis by entities through independent auditor, duly approved by the Central Government."
• External auditing
“The appropriate Government may cause an audit to be conducted of the affairs of the service providers and authorised agents in the State at such intervals as deemed necessary by nominating such audit agencies. (...) The audit of reasonable security practices and procedures shall be carried out by an auditor at least once a year or as and when the body corporate or a person on its behalf undertakes significant upgradation of its process and computer resource.”
For more information on ITA regulations and other cyber laws in India, please visit the website below:
http://www.mit.gov.in/content/cyber-laws
Things to remember
ISO 27001
• ensures you comply with ITA
• will underpin and protect IT worldwide over the next decade
• is designed to harmonise with ISO 9001:2008, ISO 14001:2004, ISO 20000 and others for effective management system integration
• implements the Plan-Do-Check-Act (PDCA) model
• reflects the principles of the 2002 OECD guidance on the security of information systems and networks
Prosperity through quality with ISO 27001 certification – how IT Governance can help you on your journey to ISO 27001 certification and improvement of your corporate data security
It is no secret that ISO 27001 is an indication of high quality business practices and information security management. The certificate not only demonstrates that an organisation follows best practice, it also helps an organisation win new business, both nationally and internationally. More clients means more revenue.
Become ISO certified with the range of these useful ITG resources:
Coming soon: our new omnibus editions of ISO 27001 Pocket Guides
E-mail us for more information about how our consultants could help you implement the ISO 27001 Standard.