ISO 27001 Information Security Management Systems

Information has always been a premium resource; it has always been controlled and guarded to ensure that those who shouldn't have it, don't. Look back through the ages and it has always been there. The Romans had the Cursus publicus, their courier system; much like today's couriers, these were people entrusted with special information, expected to keep it secret between sender and recipient, and the penalty for failing to do so was severe. Move forward in time to World War 2 and you had not only Morse code but also the Navajo code talkers, Native Americans who used their little-known dialect to communicate with one another without risk of the information being intercepted and deciphered.

Today information comes in many forms: written down in manuals or instruction sets, on whiteboards, held electronically on local computers, servers, in the cloud, on USB or portable hard drives, tablets, phones; the list is becoming practically endless. Each of these devices can hold more information than was thought possible only a few years ago, and all of that information is readily available for others to acquire if you do not have the proper controls in place. Without them, you risk losing your latest secret project, the one that will sink your competition and put millions on your bottom line.

ISO 27001 - Information Security Management Systems

The need to protect and control your information is where ISO 27001 Information Security Management Systems comes in. This standard is about mitigating the risk of people acquiring information that they shouldn't have, either by finding it accidentally (a prime example being the New Zealand 2019/2020 budget information) or by more nefarious means such as hacking or industrial espionage. That may sound like something out of a James Bond movie, and it is, but it's also something that is with you now, every day, in your organisation.

As with all the new ISO standards, this one follows the new high-level structure, so it has the same 10 clauses that, say, ISO 9001 has. In fact, it goes further than that: it has the same clause titles as ISO 9001, ISO 14001 and ISO 45001 and, well, you get the idea. The beauty of this is that you can very easily integrate the system and the documentation it requires into your existing ISO 9001 / 14001 / 18001 / 45001 systems.

Why Consider ISO 27001? 

As the amount of data your organisation keeps on its staff, its customers and its suppliers grows, people are increasingly going to ask how you will take care of their data. Indeed, it is already fast becoming a key element in tender documents for many organisations.

Being able to say to anyone who asks that your Information Security Management System is certified to an international standard instantly gives you credibility and puts people's minds at rest. Moreover, it gives you as an organisation the processes to ensure that the data you are responsible for protecting stays protected, using sound, integrated systems that are documented and, if you do them right, easily understood and repeatable.

Your 1st steps 

Your biggest 1st step is simple: decide that having a proper system like ISO 27001 is important to you, and start thinking about what information really is. It's way bigger than you think! The next thing you can do is subscribe to this blog series, as we'll explore what Information Security is really about, what the requirements of ISO 27001 are really saying, and what you need to do to achieve the standard and keep your information secure.

