Description:
The value of an organization’s information and several recent high-profile information security breaches are highlighting the ever-increasing need for organizations to protect their information. An Information Security Management System (ISMS), such as one conforming to ISO/IEC 27001, is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems. In this section you will find information on all of our ISO/IEC 27001 products and services; they will help you understand, implement and become registered to an Information Security Management System. ISO/IEC 27001 is a standard setting out the requirements for an Information Security Management System. It helps identify, manage and minimize the range of threats to which information is regularly subjected.
ISO/IEC 27001:2013 covers the following topics:
- Security policy – This provides management direction and support for information security
- Organization of assets and resources – To help you manage information security within the organization
- Asset classification and control – To help you identify your assets and appropriately protect them
- Personnel security – To reduce the risks of human error, theft, fraud or misuse of facilities
- Physical and environmental security – To prevent unauthorized access, damage and interference to business premises and information
- Communications and operations management – To ensure the correct and secure operation of information processing facilities
- Access control – To control access to information
- Systems development and maintenance – To ensure that security is built into information systems
- Business continuity management – To counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters
- Compliance – To avoid breaches of any criminal and civil law, statutory, regulatory or contractual obligations, and any security requirement
Services include: