Understanding Iso Compliance
Though globalization has opened up new markets and avenues for businesses to grow and expand, it has also multiplied security risks. In this age, as companies and organizations depend largely on technology to carry out their business activities, their greatest risk is information security risk. This creates the need for a code of practice, or a set of standards, to effectively manage the confidentiality, integrity and availability of information assets and thereby reduce information security vulnerabilities. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) aim to achieve this with the promulgation of the ISO/IEC 27000 series, also known as the ISMS Family of Standards or simply the ISO 27K series.
ISO is the world's largest non-governmental, voluntary organization for developing and publishing universal industrial and commercial standards, while IEC is a non-governmental, non-profit organization that prepares and publishes international standards for all electronic, electrical and related technologies. These organizations have come together to give companies and organizations an overall management and control framework for dealing with information security risks.
Today it has become imperative that companies and organizations achieve ISO compliance, particularly with ISO 27001 and ISO 27002, if they want to minimize information security risks. Companies that do not comply with the ISO 27001 and ISO 27002 guidelines face severe consequences such as financial losses, harsh penalties, loss of brand reputation, loss of investor confidence and so on. Let us look at the two standards in brief.
ISO/IEC 27001
An Information Security Management System (ISMS) standard published in 2005, it details the requirements for the establishment, implementation, monitoring and review, maintenance and improvement of a management system for managing an organization's information security risks. As per this standard, the company management must:
1. Assess the information security risks, vulnerabilities, threats and impacts systematically
2. Deploy sound and comprehensive information security controls to address the information security risks effectively
3. Ensure that the implemented information security controls continue to meet the security needs of the company
ISO/IEC 27002
It is a code of practice for initiating, implementing and maintaining an information security management system. In its introduction it states: "Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films, or spoken in conversation. Whatever form information takes, or means by which it is shared or stored, it should always be appropriately protected." ISO 27002 consists of 12 sections, with each section specifying information security controls and their objectives.
Though ISO/IEC 27001 and ISO/IEC 27002 are two different standards, they are always used together. Compliance with ISO 27001 and 27002 is a complicated process, but companies and enterprises can achieve it easily, quickly and accurately through ISO compliance management software.
by: Gladeyas