What is ISO 27001 (BS 7799)?
BS 7799 was introduced in 1995 as the British Standard for information security management. It has since been adopted as an international standard, ISO 27001.
Organisations (companies, government departments, local authorities, etc.) can apply to have their security management systems assessed against the standard by independent third parties. These ‘certification bodies’ are appointed via the Department for Business, Innovation & Skills and authorised to issue ISO 27001 certificates. The certificate is normally valid for three years and is dependent on periodic visits by the certification
ISO 27001 therefore enables customers to satisfy themselves that an organisation manages security effectively.
Why is ISO 27001 important?
ISO 27001 is an international yardstick by which customers, suppliers and other parties can measure the effectiveness of an organisation’s management of information security.
Rather than having to rely solely on their own judgement, ISO 27001 allows customers (at no cost to themselves) to use a qualified third party to verify whether the organisation’s security is well managed.
The fact that you have a security policy, procedures, firewalls, encryption etc. tells customers that you have a security management system. Showing them an ISO 27001 certificate tells them whether it is any good.
More and more organisations are gaining ISO 27001 certification.
What does this mean for you?
As a buyer you can use ISO 27001 certification as a selection criterion. Make sure that those suppliers who have access to your sensitive or critical business information have an ISO 27001 certificate.
If your business involves processing customer-owned information then you should apply for an ISO 27001 certificate. You can use this to assure your customers that you protect their data.