ISO/IEC 27001 is an increasingly sought-after certification for organisations to achieve. It is an important tool in becoming compliant with the General Data Protection Regulation (GDPR), because the spirit of the two is strongly correlated and their requirements are heavily aligned.
Article 32 of the GDPR requires organisations to, as appropriate:
- Take measures to pseudonymise and encrypt personal data.
- Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
- Restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
- Implement a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of processing.
An effectively implemented Information Security Management System (ISMS) will conform to these requirements, and ISO/IEC 27001 is one standard against which such an ISMS can be built and certified.
What is ISO/IEC 27001?
ISO/IEC 27001 is an international standard which is globally recognized for managing information security through setting up and maintaining an Information Security Management System.
The standard is based on an approach that allows for the establishment, implementation, operation, monitoring, maintaining and improving of an ISMS in any given organisation.
Certifying for ISO/IEC 27001 enables an organisation to demonstrate that it is security minded and is continually improving on several security-related topics, amongst others:
- Confidentiality of information.
- Integrity of information.
- Availability of information.
- Information security policies.
- Organisation of information security.
- Mobile devices and teleworking.
- Human resource security.
- Asset management.
- Access control.
- Physical and environmental security.
- Operations security.
- Communications security.
- Internal audit.
Achieving ISO/IEC 27001 certification not only shows that the organisation works in a secure way and handles its information securely, it also gives the organisation a competitive edge.
The certificate is, of course, published and publicly available for lookup, which means that other organisations can see that the organisation has worked to achieve the ISO/IEC 27001 certificate and invests continuous effort in complying with ISO/IEC 27001 for continued recertification.
This assures other organisations that are interested in working with the organisation that their information will be processed in a secure environment. It instils confidence in customers about how your organisation manages security, information, risks and the like. It allows for enhanced customer satisfaction, which will certainly result in improved client retention.
ISO/IEC 27001 is much more than just another certificate to hang on your wall for show and tell. Your organisation will have its organisational subjects properly managed, and it gives you a clear business advantage in terms of customer trust and retention.
On top of this, your organisation will already have addressed several components required for other valuable certifications, as well as some of the GDPR requirements.