ISO 27001:2005
Why is Information Security Needed?

Information is now globally accepted as being a vital asset for most organizations and businesses. As such, the confidentiality, integrity, and availability of vital corporate and customer information may be essential to maintain competitive edge, cash-flow, profitability, legal compliance and commercial image. ISO 27001 is intended to assist with this task. It is easy to imagine the consequences for an organization if its information were lost, destroyed, corrupted, burnt, flooded, sabotaged or misused. In many cases this can lead (and has led) to the collapse of companies.

ISO 27001 is a specification for the management of Information Security.

It is applicable to all sectors of industry and commerce and not confined to information held on computers. It addresses the security of information in whatever form it is held. The information may be printed or written on paper, stored electronically, transmitted by post or email, shown on films, or spoken in conversation. Whatever form the information takes, or means by which it is shared or stored, ISO 27001 helps an organization ensure it is always appropriately protected.

Information security can be characterized as the preservation of:

Confidentiality: ensuring that access to information is appropriately authorized.

Integrity: safeguarding the accuracy and completeness of information and processing methods.

Availability: ensuring that authorized users have access to information when they need it.

 

ISO 27001 contains a number of control objectives and controls. These include:

Security policy.

Organizational security.

Asset classification and control.

Personnel security.

Physical and environmental security.

Communications and operations management.

Access control.

System development and maintenance.

Business continuity management.

Compliance.

 

Benefits:

The following is a list of potential benefits. As with many items on this website, this is an ongoing project. Please feel free to add further points via the comments option below.

 

Interoperability: This is a general benefit of standardization. The idea is that systems from diverse parties are more likely to fit together if they follow a common guideline.

 

Assurance: Management can be assured of the quality of a system, business unit, or other entity, if a recognized framework or approach is followed.

 

Due Diligence: Compliance with, or certification against, an international standard is often used by management to demonstrate due diligence.

 

Benchmarking: Organizations often use a standard as a measure of their status within their peer community. It can be used as a benchmark for current position and progress.

Awareness: Implementation of a standard such as ISO 27001 can often result in greater security awareness within an organization.

 

Alignment: Because implementation of ISO 27001 (and the other ISO 27000 standards) tends to involve both business management and technical staff, greater IT and Business alignment often results.


All Rights Reserved - www.eca.net.in