Scribd Logo
Upload

Welcome to Scribd!

  • Benefits of Iso27001 White Paper PDF

    Uploaded by

    Anil Kumar
    96 views3 pages

    Original Title

    benefits-of-iso27001-white-paper.pdf

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    96 views3 pages

    Benefits of Iso27001 White Paper PDF

    Uploaded by

    Anil Kumar

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    Technical Whitepaper

    The benefits of ISO 27001

    Key benefits

    ISO 27001:2013 is the standard for Information It improves enterprise security


    Security Management; it is part of the ISO 27000 Whether the organisation using ISO 27001
    family of standards which helps organisations keep decides to go for full certification or not,
    information assets secure. Adopted by thousands ISO 27001 brings with it a systematic examination
    of organisations across the world, its implementation of the organisations information security risks,
    puts in place a systematic approach to managing taking account of the threats, vulnerabilities and
    sensitive organisational information, ensuring it impacts that are unique to that organisation.
    remains both secure and available. It is a broad It provides a framework for the selection and
    standard covering process, personnel, physical implementation of a coherent suite of information
    and technical security. security controls and/or other forms of risk
    ISO 27001 specifies the requirements for establishing, treatment to address those risks that are deemed
    implementing, maintaining and continually improving unacceptable to that individual organisation.
    an Information Security Management System (ISMS). It also brings with it a continual improvement
    There are three key issues to note about the standard: ethos to ensure that the risk treatments continue
    1. Its generic requirements mean that it is applicable to meet the organisations individual information
    to all organisations, regardless of size, type or nature. security needs on an on-going basis.
    However, you tailor it to the exact needs of your It is an independent, unbiased measurement
    organisation through the information security of the actual information security state
    controls that you select to implement within
    your Information Security Management System. One of the major drivers for organisations to
    work towards certification is that the standard
    2. It takes a flexible, risk-driven approach. provides an internationally recognised, externally
    3. It is dynamic it focuses on continual improvement assured, quality mark for Information Security
    and helps the organisation keep ahead of changes Management. ISO 27001 is the industry yard stick
    both within and outside the organisation. that most Information Security Management
    There are a number of clear business benefits activity is measured against.
    in adopting ISO 27001, either as best practice External assurance is provided to both the
    or by formally certifying against it. This whitepaper customer and the organisations management
    explores those benefits and outlines the steps on the actual state of the organisations
    towards achieving certification. Information Security Management System.
    External, qualified ISO 27001 auditors impartially
    review and assess the organisations Information
    Security Practices, policy procedures and their
    operation against the standard.
    This provides a clear, unbiased, scientific view
    of the actual state of the present Information
    Security Practices.

    2015 Capita PLC All rights reserved


    2015 Capita PLC All rights reserved
    Technical Whitepaper

    It increases customer confidence The process of creating the documentation


    takes the organisation through a number of vital
    ISO 27001 certification gives service consumers and
    steps, including:
    customers an easily recognisable security hallmark.
    Using the ISO 27001 logo on company literature  nderstanding the organisations security
    U
    is a continual reminder to potential and existing customers landscape and practices
    that demonstrates commitment to information security Identifying the business drivers for implementing
    at all levels of the organisation. The certification and maintaining an effective Information Security
    demonstrates credibility and trust. Management System and the benefits
    It reduces customer and supply chain audit of achieving ISO 27001 certification
    ISO 27001 certification reduces third party scrutiny  efining the scope of the Information Security
    D
    of your Information Security Management by customers Management System and the risk management
    and the wider supply chain. It provides assurance to approach you will take
    customers that their information is appropriately protected S electing the appropriate information security
    and, as such, reduces the need to undertake time consuming controls from the standard in order to create
    and costly onsite security audits reducing time and cost for a Statement of Applicability (SoA)
    both parties.
     sing the Statement of Applicability (SoA) to
    U
    It provides market differentiation create a risk treatment plan, which describes your
    Holding an ISO 27001 certification is an increasing information security objectives and how you will
    requirement to do business in many different verticals, achieve them
    especially when processing any type of personal or sensitive P utting in place effective information security
    data. The achievement of ISO 27001 will differentiate two awareness and training programmes
    competing organisations in the market place, providing
    a valuable competitive advantage. Whether or not you choose to apply for
    certification, these steps will provide your
    Increased legislative and regulatory compliance organisation with:
    ISO 27001 supports compliance with relevant laws such  clear strategic approach and management
    A
    as the Data Protection Act 1998 and software copyright commitment to information security with defined
    legislation. This in turn reduces the risk of facing information security objectives
    prosecution and fines.
    S pecific information security
    An organisations liability in security incidents may responsibilities defined
    be reduced if it is certified ISO 27001 compliant. Under
    the Data Protection Act 1998, organisations are obliged E stablished Information Security Management
    to have an institutional framework designed to ensure System processes that are repeatable and that
    the security of all personal data. As ISO 27001 is the drive continual improvement
    current international benchmark for Information Security  clear approach to risk assessment
    A
    Management, it is increasingly recognised that and management
    compliance with the standard is supportive evidence E ffective information security
    of adequate security. awareness programme(s)
    Considerations and outcomes
    To achieve ISO 27001 certification, an organisation must
    produce documentation that demonstrates that it has
    developed an Information Security Management System
    that complies with the standard. Organisations should
    consider producing most of this documentation even if they
    are not going for certification as it provides a best practice
    approach for compliance as well.

    2015 Capita PLC All rights reserved


    2015 Capita PLC All rights reserved
    Technical Whitepaper

    The certification process


    ISO 27001 certification involves two audits, each
    undertaken by an independent external auditor.
    Stage one: Desktop documentation audit
    This involves an assessment of your documented
    Information Security Management System to
    determine whether your documentation meets the
    requirements of the standard. You will be advised of
    any problems and will have the opportunity to rectify
    them before being reassessed. Once the auditor is
    satisfied that the documentation meets the standard,
    you can move on to the second audit.
    Stage two: Implementation audit
    This audit involves assessing whether your
    implementation of your Information Security
    Management System conforms to your
    documentation. Again, if the auditor finds errors with
    your implementation, you will have the opportunity
    to take corrective action and then be reassessed.
    If the auditor is satisfied with his/her findings you
    will be granted ISO 27001 certification.
    Your certification is maintained through annual
    surveillance audits and a full assessment every
    three years.
    Capita provides a complete service to assist
    clients with ISO/IEC 27001, from assessing
    current compliance to preparing for certification.
    Offering a Security Consultancy that is itself
    certified to ISO/IEC 27001, we fully understand
    what is required to achieve certification and,
    importantly, how to maintain it.

    Nathan Cooper
    Lead Information Security Consultant

    For further information about these services please contact:


    Email: marketing.itps@capita.co.uk | Tel: +44 (0) 8456 077466
    www.capita.co.uk/itprofessionalservices
    2015 Capita PLC All rights reserved
    2015 Capita PLC All rights reserved

    You might also like