Services
INFORMATION SECURITY Management System
ISO/IEC 27001 is an international standard for information security management system established by the International Organization for Standardization (ISO) and the International Electro-technical Commission (IEC) and the most authoritative international certification standard in the field of information security. This covers 133 items in 11 areas related to information security, including information protection policy, physical security, and information access control.
ISO/IEC 27001 is composed of 10 items including organizational environment, leadership, planning, support, operation, performance evaluation, and improvement, and 14 control items (refer to ISO/IEC 27002 for control items). The requirements of this standard have been formulated to be general for applicable to any organization, regardless of its type, size or characteristics.
- Scope
- Normative References
- Terms and definitions
- Context of the Organization
- Leadership
- Planning
- Support
- Operation
- Performance Evaluation
- Improvement
Through ISO/IEC 27001 certification, organizations can benefit like below :
- Customer satisfaction:- Realization of customer satisfaction through protection of customer information
- Business continuity:- Secure business stability through risk management, legal compliance and vigilance on future security issues and concerns
- Compliance with laws:- Understand how legal/regulatory requirements affect you and your customers, and how to reduce the risk of legal sanctions
- Risk management:- Ensure that customer records, accounting information and intellectual property rights are protected from loss, theft and damage through a systematic framework
- Proof of business reliability:- Reliability is secured through independent verification of recognized global industry standards
- Business expansion:- Customers often require a certificate as a condition of delivery, so certification can help you expand your business.