
ISO 27001 sets the standard

Pitney Bowes Management Services : 20 January, 2009  (Technical Article)
Pitney Bowes provides insight into ISO 27001 certification and the reasons why companies should aspire to achieving it
Information is critical to the operation and perhaps even the survival of organisations. Whilst a growing number of businesses are working towards information security accreditation, there is still considerable scope for improvement as far as awareness and adoption of standards are concerned. The Information Security Breaches Survey is conducted every two years on behalf of the Department for Business, Enterprise and Regulatory Reform, and the most recent findings reveal that information security best practice amongst UK plc is far from widespread.

In fact, 79% of those responsible for security in UK businesses are not aware of the contents of information security standards BS 7799 and ISO 2700. Of course, there is some irony in referencing figures from the UK Government which, itself, has hardly been a paragon of responsibility and excellence regarding matters of information integrity. However, the figures should not be overlooked, revealing a disturbing lack of strategic planning and information security insight.

In simple terms, ISO 27001 is the only auditable international standard that defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls. ISO 27001 accreditation acknowledges that an organisation has developed and implemented a comprehensive Information Security Policy, ensuring confidentiality, integrity and accessibility of all corporate and customer information.

Information is a significant asset to any business and needs to be securely identified and managed. This is becoming ever more important with increasing regulation and the drive towards greater operational transparency.

ISO 27001 is suitable for any organisation, large or small, in any sector or part of the world. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors, helping to encourage more business. ISO 27001 is also highly effective for outsourcing organisations (such as Pitney Bowes Management Services) that manage information on behalf of others. Customers can be assured that their information is being robustly protected - again, a vital consideration in developing existing customer relationships and in winning the trust of prospects.

Aside from these advantages there are many common benefits to ISO 27001 standardisation - benefits which play across the broader business environment. These can be summarised as follows:

Interoperability - A general benefit of standardisation, the idea is that systems from diverse parties are more likely to fit together if they follow a common roadmap.

Due Diligence - Compliance with, or certification against, an international standard can be a useful management tool with which to demonstrate due diligence.

Assurance - Senior management can be assured of the quality of a system, business unit, or other entity, if a recognised framework or approach is followed.

Benchmarking - Organisations often use a standard as a measure of their status within their peer community. It can be used as a benchmark for current standing and progress.

Awareness - Implementation of a standard such as ISO 27001 can often result in broader security awareness throughout an organisation.

Alignment - Because implementation of ISO 27001 tends to involve both business management and technical staff, greater IT and Business alignment often results.

Certification to ISO 27001 can help organisations manage and protect their business critical information assets and can convey the necessary confidence to any interested parties, especially customers. Not only this, the implementation of standards can reveal hitherto hidden inefficiencies and can help to drive general best-practice processes.

Recent high-profile media coverage of data-loss scandals has raised the general level of awareness about the need for greater security around information. There is a demand for businesses in both the B2B and B2C sector to implement rigorous processes. Those failing to do so run the risk of alienating today's demanding, compliance-savvy consumer and business audiences.