ISO 27001 is the international standard published by the International Standardization Organization (ISO), describing how to manage information security in an organization. The latest revision of this standard was published in 2013, and its full title is now ISO/IEC 27001:2013.
The first revision of the standard was published in 2005, and it was developed based on the British standard BS 7799-2. ISO 27001 can be implemented in any kind of organization, profit or non-profit, private or state-owned, small or large. It was written by the world’s leading experts in the field of information security and provides a methodology for the implementation of information security management in an organization.
It also enables organizations to become certified, which means that an independent certification body has confirmed that an organization has implemented information security in a manner that is compliant with ISO 27001. ISO 27001 has become the most popular information security standard worldwide and is the only globally-recognized security standard in existence today.
Benefits of ISO 27001 Include:
Security7 Networks implements ISO 27001 via a 3 step process that includes Assessment, Implementation and Audits. Specifics for these steps include but are not limited to:
*Timelines shown are estimates only. Actual time is dependent upon the scope,
current security posture, and asset composition of the organization.
The steps also run concurrently.
After this process is completed and signed off on, the certification process will begin. The certification process is annual and includes a surveillance component.
The certification audit cannot be performed by Security7 Networks. Certification audits and registrations are conducted and issued by the certification body.
Have a question? Need some advice? We look forward to hearing from you!