
What is ISO 27001:2013

Updated: Sep 5, 2020




Many, if not all, organisations will have security safeguards and countermeasures in place to protect their information assets. But there is a tendency for these to be haphazard, disorganised and disjointed.


This is where an information security management system (ISMS) is beneficial. If companies wish to bring information security under managed control, ISO 27001 specifies a management system to do just that.

ISO 27000 is a family of standards that helps organisations keep data secure. It assists with managing the security of:

· financial information

· employee details

· intellectual property such as patents and trade secrets, etc.

There are over a dozen standards within the 27000 family; however, 27001 is the best-known standard.

ISO 27001:13 is the version published in Sept 2013, replacing the older 2005 version. ISO 27001:13 consists of a set of mandatory requirements. Organisations that meet the requirements will have to be successfully audited and then certified by an accredited certification body.


For more information on building an effective ISMS, navigating the complexities of internal and external audits, or what is required as evidence, why not get in contact with Security Sumo?





 
 
 



© 2020 by Security Sumo 
