ISO 27001:2013 is an internationally accepted Standard, published on the 25th of September 2013 as a replacement for ISO 27001:2005. It outlines the requirements for the development and control of an organisation’s Information Security Management System.
The Standard consists of various clauses, including the scope, referencing method, terms and definitions, organisational context and shareholders. The other clauses deal with information security leadership and high-level support policy requirements in addition to the planning of an Information Security Management System.
The Standard furthermore deals with support of such a system and the requirements to make it operational. The two final clauses cover the system performance assessment and the necessary steps for correction. The list of controls and the relevant objectives are available in Annexure A, which forms part of the Standard.
The specification, available from the South African Bureau of Standards, sets out the requirements for establishing, maintaining and improving an organisation’s Information Security Management System. Its aim is to ensure that specific policies and procedures are in place to protect the integrity of data, and to give customers and business partners assurance of compliance with statutory regulations as well as with the requirements of the Standard.
The Standard’s requirements for technical, physical and legal controls to minimise risk, together with its requirements for the implementation, operation and assessment of the organisation’s Information Security Management System, enable companies of all sizes to reduce the risk of confidentiality breaches, data loss and data corruption.
ISO 27001 follows a top-down risk minimisation approach, which entails several phases in the development of a compliant Information Security Management System. Using the Standard as a guideline, an organisation can plan its security policy, define the scope of its system, and review and manage the risks it has identified. The organisation can then select the relevant control objectives and develop a Statement of Applicability.
Develop a trust relationship with your clients by complying with the requirements of the Standard. WWISE will assist you through the entire process and help you integrate an ISO 27001:2013 compliant system with your current management systems.