ISO/IEC 27001 - information security management system
Improve compliance with data protection requirements and reduce risks related to personally identifiable information.
Certification of your information security management system demonstrates your commitment to proactively manage and protect your information and assets and ensure compliance with legal requirements.
ISO 27001 details requirements for establishing, implementing, maintaining, monitoring and improving an organization’s information security management system.
What is ISO/IEC 27001
ISO/IEC 27001 is now the most recognized international standard for information security management systems.
- It assists organizations to establish information security management policy and objectives and understand how significant aspects can be managed, implement necessary controls and set clear objectives to improve security of information.
- It allows an organization to manage its obligation to comply with applicable legal requirements such as GDPR (in conjunction with ISO 27701) and to regularly check the compliance status. This permits a continual improvement of the system to ensure protection and address vulnerabilities.
- It takes a comprehensive approach to information security. Assets that need protection range from digital information, paper documents, and physical assets (computers and networks) to the knowledge of individual employees. Issues to address range from competence development of staff to technical protection against computer fraud.
ISO 27001 is designed to be compatible and harmonized with other recognized management system standards. It is therefore ideal for integration into existing management systems and processes.
Benefits of becoming certified
The standard takes a comprehensive approach to information security and protecting assets.
ISO/IEC 27001 will help you protect your information in terms of the following principles:
- Confidentiality ensures that information is accessible only to those authorized to have access;
- Integrity safeguards the accuracy and completeness of information and processing methods;
- Availability ensures that authorized users have access to information and associated assets when required;
- Technical protection against computer fraud.
Getting started
To obtain certification, you need to implement an effective information security management system complying with the requirements of the standard.
DNV is an accredited third-party certification body and can help you throughout the journey. We provide relevant training, self-assessments, gap analysis and certification for your information security management system.
Learn more about how to get started on the road to certification.