ISO 27001 – INFORMATION SECURITY WITH A SYSTEM
"Our customers rely on us to operate a highly secure data center. The certification according to ISO 27001 is visible proof." (Johann Ehm, Managing Director, Danube IT Services GmbH)
A sound framework with organization-specific design: the comprehensive framework of the certification standard ISO/IEC 27001 and the accompanying code of practice ISO/IEC 27002 makes it possible to establish an information security management system (ISMS) as a coherent whole rather than piecemeal. The structured process approach avoids the problems caused by isolated, ad hoc measures: security gaps are identified, assessed and reduced systematically. The risk analysis shows the specific security needs of the organization, and cost-effectiveness is an important criterion when selecting the measures to implement.
From implementation to certification
ISO 27001 specifies the requirements for establishing, operating and documenting an ISMS. ISO 27002 provides implementation guidance for the 114 security measures (controls) of the 2013 edition, grouped into 14 clauses. The standard enables organizations of any size and sector to measure and manage information security and to audit it internally for self-assessment. An audit of the ISMS by an independent accredited certification body, such as CIS, carried out according to a defined certification procedure, leads to ISO 27001 certification.
Unique worldwide: the Certificate
ISO 27001 is the only standard for information security worldwide that is certifiable; the certificate therefore offers real competitive advantages and spares the organization from having to furnish individual evidence to each customer. Sector- and topic-specific supplementary standards of the ISO 27k series, which are continually being developed further, serve as implementation aids. In terms of content, ISO 27001 covers not only technical IT security but also organizational, personnel and physical aspects, ranging from staff awareness to fire protection. Information security starts at one's own desk and extends to the fail-safe data centre.
Structure of the main chapters of ISO 27001:2013
Clause 4: Context of the organization
Clause 5: Leadership
Clause 6: Planning
Clause 7: Support
Clause 8: Operation
Clause 9: Performance evaluation
Clause 10: Improvement
The 14 control clauses of ISO 27002:2013 / ISO 27001 Annex A
A.5 Information security policies
A.6 Organization of information security
A.7 Human resource security
A.8 Asset management
A.9 Access control
A.10 Cryptography
A.11 Physical and environmental security
A.12 Operations security
A.13 Communications security
A.14 System acquisition, development and maintenance
A.15 Supplier relationships
A.16 Information security incident management
A.17 Information security aspects of business continuity management
A.18 Compliance
Up-to-date: thanks to continual improvement
Companies certified according to ISO 27001 respond to changing requirements proactively: the continual improvement process (CIP) keeps adjusting the actual internal state towards a target state that is itself reviewed periodically. Certified companies therefore remain highly flexible and keep pace with the state of the art in technical and organizational measures.