MEANING AND SCOPE:
This covers the design and installation of an information security management system in accordance with the ISO 27001 standard, and obtaining the certificate from a certification body of your choice.
ISO 27001 is a specification for managing information security. It applies to all sectors of industry, trade and services, and its application is not limited to information stored on PCs.
It addresses the security of information in whatever form it is found. Information may be recorded or printed on paper, stored electronically, sent by regular or electronic mail, presented on film, or expressed orally in discussions.
Whatever form the information takes, and however it is shared or stored, ISO 27001 helps an organization protect it adequately.
METHODOLOGY FOR DEVELOPING THE SYSTEM:
- Survey the current situation and create a framework for information management.
- Identify and evaluate the security risks. Provide guidance and determine appropriate actions to manage information security risk.
- Select and implement controls and audit processes to reduce risk to acceptable levels, consistent with the security objectives that have been set.
- Introduce and implement the system. Implement a training program aimed at informing employees.
- Internal audit of the system and any corrective or preventive actions needed to improve it.
- Certification of the system against the ISO 27001 standard by certification bodies.
- Monitor the system.
ADVANTAGES OF CERTIFICATION:
- It demonstrates that the company has addressed, implemented and monitors information security.
- Builds the trust of customers, employees, partners and all other stakeholders, who know that the information and records being managed are safe.
- Demonstrates strong credibility and trustworthiness.
- It can lead to significant cost reduction. Even a loss of information can result in significant expense.
- Indicates that the relevant laws and regulations are observed.
- Ensures that there is a commitment to information security from everyone and at all levels of the organization.
OBJECTIVES OF CERTIFICATION FOR ISO 27001:
- Confidentiality: Ensuring that access to information is appropriately authorized.
- Integrity: Safeguarding the accuracy and completeness of information and of the methods used to process it.
- Availability: Ensuring that authorized users have access to information when they need it.