Information Security Management System ISO/IEC 27001
An Information Security Management System (ISMS), such as ISO/IEC 27001, is a systematic process of policies, planning activities, responsibilities, procedures, processes and resources aimed at minimizing the risk associated with your organization's information assets.
Information, along with the processes and systems that make use of it, is among the most important assets of an organization. The confidentiality, integrity and availability of sensitive information can be essential to maintaining the levels of competitiveness, profitability, legal compliance and corporate image needed to achieve the organization's objectives and ensure economic benefits.
Information and its supporting systems are exposed to an increasingly large number of threats which, by taking advantage of any existing weaknesses, can subject critical information assets to various impacts.
To ensure that information security is managed properly, you must use a systematic, documented process that is known throughout the organization and based on a business risk approach. This process is the ISO/IEC 27001 ISMS.
- At the organizational level – Commitment: It guarantees and demonstrates the effectiveness of the efforts to keep the organization secure. It facilitates integration with other management systems: ISO 9000 and ISO 14000.
- At the legal level – Compliance with legal and contractual requirements: It enables compliance with all applicable laws and regulations in the scope and guarantees the fulfillment of contracts with third parties.
- At the functional level – Risk management: It provides a better understanding of information systems, their vulnerabilities and means of protection. It guarantees the best availability of your organization's assets.
- At the commercial level – Credibility and trust: Partners, shareholders and customers can see the importance the organization attaches to the protection of assets and information. Achieving certification differentiates the organization from the competition and in the market. Some tenders are already beginning to ask for an ISMS certificate.
- At the financial level – Cost reduction: It reduces the costs related to solving unforeseen security incidents.
- At the human level – Improvements: It raises personnel awareness and increases responsibility for security.