ISO 27001 – Information & Data Security
Data is one of the most valuable assets any business has today. Our dependence on information systems and services means organisations are more vulnerable to security threats than ever before. Keeping your data secure – whether its customer, staff or supplier data – is critical in most businesses, but most especially those dealing with sensitive data. Data security is a hot topic in the media so ISO 27001 not only protects your business against hackers but also safeguards your reputation.
What is ISO 27001?
ISO 27001 sets out the requirements of information security management systems. It is part of the ISO 27000 family of standards relating to information and cyber security and offers a comprehensive set of controls, based on best practice in information security.
Similar to the other management standards, it is suitable for organisations of all sizes. 70% of small businesses believe they are not a target for any data theft or misuse; it is a problem for either larger businesses or only those in the financial sector – this is simply not true.
Any business holding data on individuals or companies can be a target for fraud, theft, misuse or abuse, resulting in a long lasting loss of reputation and if a company’s systems are found negligent at keeping data secure, then it can result in prosecution.
Every business believes they have insurance to cover eventualities such as fraud and theft, but they don’t realise they also owe a duty of care which if not exercised can lead to any insurance claim being declined.
How will ISO 27001 help my business?
At the most simple level it will give your clients and suppliers the confidence to trust your organisation with the safe keeping of their data. It demonstrates corporate due diligence and shows compliance with regulatory and contractual requirements regarding data security, privacy and IT governance.
In common with the other management standards ISO 27001 is not a one-off exercise. Regular audits ensure your organisation continues to meet its obligations regarding data security and keeps your staff focused on the importance of complying with standards.
ISO 27001 helps organisations to treat data security seriously, putting in systems and processes to guard against the risk of security breaches or misuse of data. It works with your business and the kind of data it holds, whether that is bank account details, staff records, passwords, or client confidential information.
Why do I need certification?
Independent audit is a critical part of the ISO concept as it adds objectivity and credibility into the process. Self-regulation is critical for the ongoing success of any ISO, but it is independent audit that proves without a doubt that the ISO standard has been properly embedded throughout your organisation.
How does my business gain ISO 27001 certification?
Most businesses start their ISO journey with 9001 as this puts into place quality management systems and processes which can be further developed to incorporate data security or other standards.
How can IMSM help my business gain ISO 27001 certification?
Our experienced assessors work with the systems and processes in your business, to ensure the implementation of ISO 27001 really does fit the way your organisation uses its data. With a fixed fee and flexible approach, our assessors are focused on making standards work in your business.
The certification process is very similar to ISO 9001, working on the principles of:
“Say What It Does” – document day to day operating procedures and systems
“Do What It Says” – work in accordance with those procedures and systems
“Prove It” – with a certification audit which confirms, from records, that the procedures and systems meet the requirements of ISO 27001 and are operated in accordance with the standard.
For a free Quotation or On-Site presentation by an ISO Specialist, contact us today!
IMSM Kenya Ltd