What is ISO 27001?

ISO/IEC 27001:2013 is an information security standard that was published in September 2013.[1] It supersedes ISO/IEC 27001:2005 and is published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under their joint subcommittee, ISO/IEC JTC 1/SC 27.[2] The standard has since been revised again as ISO/IEC 27001:2022.

It is a specification for an information security management system (ISMS).

Organizations that meet the standard may be certified compliant by an independent and accredited certification body on successful completion of a formal compliance audit.

An ISO 27001 Information Security Management System (ISMS) is a systematic, risk-based approach to keeping sensitive corporate information secure. It covers people, processes and IT systems, and it helps a business coordinate its security efforts consistently and cost effectively.

It's easy to understand why clients and customers won't do business with a company that can't show their information is protected. After all, data is one of the most valuable assets any business has today. ISO 27001 does not protect a business on its own; it requires the organization to identify the threats it faces (internet fraud, theft of PCs or laptops, unauthorized monitoring of transactions and more) through a risk assessment, and then to select, implement and keep reviewing controls that address them.

Why implement an ISMS?

An ISMS offers several significant benefits to both the organization and its customers, especially in the protection of private information.

  • It ensures suitable security controls are in place – The risk assessment and the other processes involved in implementing the ISMS verify that security controls and strategies are appropriate, cost effective, and prioritized to address the core security needs of the organization.
  • It demonstrates a commitment to security best practice – The existence of an ISMS is a strong demonstration to an organization's customers of its commitment to information security. Customers can be confident that an organization operating an ISMS understands and implements industry best practice. Certification of the ISMS provides independent evidence of this, because an accredited certification body has audited it.
  • It helps meet third-party obligations – Many organizations have external responsibilities for the data in their possession. These may concern privacy, intellectual property or, in an increasingly regulated environment, contractual and legal requirements. An ISMS gives the organization a structured way to identify and fulfil such requirements.
  • It assists in complying with legislation on the protection of personal information – Compliance requirements for protecting personal information have increased steadily worldwide. POPI (the Protection of Personal Information Act) in South Africa came into effect on 1 July 2020, with a one-year grace period for compliance. The GDPR (General Data Protection Regulation) is the European Union's regulation on the protection of personal information and has been in force since May 2018. None of these laws mandates ISO 27001 certification, but they all require demonstrable, risk-based security measures for personal information (for example, the GDPR's "appropriate technical and organisational measures" in Article 32), and an ISMS is a widely recognized way to implement and evidence such measures.