ISO 27001, Information Security Management Systems, is designed to ensure the security of information technology.
The standard is applicable to all types of organizations, including government institutions, commercial organizations and not-for-profit agencies. It describes the requirements for operating, monitoring, establishing, implementing, reviewing, maintaining and improving a documented information security management system.
A well-implemented Information Security Management System is a business tool that reduces risk to your information assets by:
- Integrating the organization's information security/information technology programs
- Systematically examining the organization's security risks, including impacts, threats and vulnerabilities
- Aligning information security with your overall business objectives
- Ensuring customer records, financial information and personal information are protected from loss, theft and damage through a systematic framework
- Complying with legal, statutory, regulatory and contractual requirements