Who is ISO 27001 applicable to?

ISO 27001 is applicable to any organisation where the misuse, corruption, or loss of its business or customer information could result in major commercial prejudice.

Organisations involved in storage and warehousing, secure destruction, telecommunications, advertising, financial outsourcing and software development activities can adopt this standard.

About Standard ISO 27001

• ISO 27001 is the international standard for Information Security Management Systems (ISMS).
• It is based largely upon the previously adopted BS 7799 used commonly since 1995 for managing information security.
• ISO 27001 provides the framework for a technology neutral, vendor-neutral management system that enables an organisation to assure itself that its information security measures are effective.
• This includes the continued accessibility, confidentiality and integrity of its own information and that of its stakeholders as well as legal compliance.
• Implementation of ISO 27001 is an ideal response to legal requirements and potential security threats such as:
  • Vandalism / terrorism
  • Fire
  • Misuse
  • Theft
  • Viral attack

Whilst modern communication mediums mean that most ISMS systems are focused on ICT, ISO 27001 is equally applicable to other forms of information, such as paper records, images, and even conversations.

This standard includes major requirements of Information Security characterized such as

• Confidentiality – Ensuring that access to information is properly authorised
• Integrity – Safeguarding the accuracy & completeness of information & processing methods
• Availability – Ensuring that authorised users have access to information when they need it