Top 5 Facts About The ISO 27001 Standard
The ISO 27001 standard has finally been released and published officially. This means that organizations that obtained ISO 17799 certification before the present standard existed can now review it and adjust their implementation to ISO 27001.
The ISO 27001 standard, which defines the contents of a system for information security management (an ISMS), generally complements or supplements the previously released ISO 17799 standard.
Here are some important facts about the ISO 27001 standard that concerned businesses should take note of if they want to remain competitive.
1. The ISO 27001 version, which was published officially in 2005, is only the first of the ISO 27000 series, but it is by far the most significant, considering that it defines the system.
2. ISO 27001 has been harmonized so that it complements and is compatible with ISO 17799 (also known as ISO 27002), ISO 14000 and ISO 9000. However, each of them has its own function.
3. Organizations that already comply with the provisions of ISO 27002 can opt for certification; having been certified under ISO 27002 means they can meet the provisions of the present standard. Those seeking ISO 27001 certification can contact the various accredited certification bodies.
4. ISO 27001 is the first of a series, and organizations can expect a long list from the ISO 27000 series, including the following:
· ISO 27003, which contains the new guide to the implementation of the ISMS
· ISO 27004, which contains the new standards for the measurement of information security, as well as metrics
· ISO 27005, which contains the suggested standard for managing risks
· ISO 27006, which contains the guidelines to be followed for the registration and certification process
· ISO 27007, which contains the guidelines to be followed in the audit of systems for information security management
· ISO 27799, which contains the guidelines to be followed by the health sector when complying with ISO 27001
5. ISO 27001 has been translated and published in different languages, but the information contained in all the versions should be the same as in the original version.
Companies seeking ISO 27001 certification should take note of the two-stage process being implemented. The first stage involves a review of the organization's security policy, risk treatment plan and statement of applicability. The second stage is a detailed audit that tests the effectiveness of the controls indicated in the documents reviewed during the first stage.
So what do businesses get from becoming ISO 27001 certified? Aside from savings in operational costs, companies can also win more clients as they build a credible reputation for being ISO 27001-compliant, even for worldwide transactions. There are cases where some companies deal only with organizations that have been certified against a certain standard, and at this point in time ISO 27001 is the standard to reckon with, no matter where you do business. The good thing about ISO 27001 is its relevance to all types of businesses, from small and medium to large-scale businesses, including but not limited to banks and telecommunication companies.