ISO 27001

Protecting your information is critical for the successful management and continuity of your organisation. The ISO 27001 standard will help you to manage and protect your valuable data and information assets. ISO 27001 sets out the requirements for an Information Security Management System (ISMS).

An ISMS is the way in which, in the case of ISO 27001, an organisation can control their information security. It is a systematic approach to managing sensitive company information so that it remains secure. An ISMS includes people, processes and IT systems by applying a risk management process. A company can set up an ISMS themselves, under the obvious condition that they comply with the requirements of ISO 27001. ISO 27001 does not mandate specific information security controls, but it provides a checklist of controls that should be considered.

The standard ISO 27001 covers almost the entire spectrum of information security, however it’s depth is limited when it comes to privacy protection. An ISO 27001 certificate is therefore not sufficient to comply with the General Data Protection Regulation (GDPR). But organisations that already comply with the GDPR can certainly derive added value through an ISO 27001 certificate, because information security is more thoroughly covered.

Third-party accredited certification is recommended for ISO 27001 conformance. This simply means that an independent organisation will look over your processes to verify that you have properly implemented the ISO 27001 standard. Kiwa can help you with this certification process. More information about our ISO 27001 certification service.