ISO/IEC 27001 Information Security Management System
ISO 27001 is an approach to managing information in a way that guarantees its security. This information may be the company's own property, such as know-how and personal data, as well as the property of its clients.
In addition, the ISO 27001 standard requires strict compliance with the relevant legislation on information security, optimised use of the available resources, and periodic internal audits in order to improve the management system.
ISO 27001 certification demonstrates that the company guarantees the security of its own information, and of its clients' information, to the maximum degree.
An implemented and functioning information security management system (ISMS) guarantees business continuity in the company in the event of emergencies and crises.
Information is an asset which, like other business assets, adds value to the organization's activity and therefore has to be protected.
ISO 27001 protects information from a wide range of threats in order to ensure continuity, to minimise damage to the company, and to maximise return on investment and business opportunities.
The ISMS is a systematic approach to managing sensitive company information so that it remains secure. It covers people, processes and IT systems.
ISO 27001 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS in the context of the organization's overall business risks. It sets out the requirements for implementing security controls tailored to the needs of the individual organization.
ISO 27001 adopts the process approach of the ISO management system standards ISO 9001 and ISO 14001, as well as the Deming cycle (plan-do-study-act) and the requirement for continual improvement.
ISO 27001 sets out the rules for defining, establishing, applying, reviewing, monitoring, maintaining and improving a documented information security management system in the context of the overall risks of a specific company or organization.
The standard is designed to ensure an appropriate selection of information security controls and to build trust between organizations and their partners.