ISO 27001:2013
Type of Certification: Information Security
Name: ISO 27001: 2013 Information Security Management Systems
Description:
In the era of this new normal, with organisations embracing the challenges of physical distancing and working from home, managing and ensuring security of information assets has become key priority area for many organisations across the world. The ISO 27001:2013 Information Security Management System (ISMS) allows organisation to understand its information security needs and requirements, assess and evaluate the risks related to information security as well as put in place the necessary interventions to manage and mitigate these risks.
Main Components:
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system which is tailored to the needs of the organisation. It also includes requirements for the assessment and treatment of information security, and will enable organisations to manage the security of assets such as financial information, intellectual property, employee details as well as third party information.
Who should be certified:
The standard is generic in nature and can be applicable to all organisations, regardless of type, size and nature.
Benefits:
- preserves the confidentiality, integrity and availability of information within a structured systematic manner
- Builds trust and gives confidence to internal and external parties that information security risks are adequately managed.
- Ensures organisation’s compliance with the laws and regulations, and provide due diligence defence in court.
- Organises organisation’s processes.
- Promotes positive behaviour, emphasising teamwork and efficiency.