ISO 27001 is the international standard for information security management systems, or ISMS for short. An ISMS is a framework of policies and procedures covering the legal, physical and technical controls involved in an organisation's information risk management processes. The standard was first published in 2005 and updated in 2013.
So, what are the benefits of obtaining your ISO certification? Certification does not exempt you from penalties, but if your organisation is unlucky enough to suffer a successful data breach, a working ISMS reduces both the likelihood and the impact of the breach and demonstrates to regulators and customers that you exercised due diligence. With the current cost of a data breach valued at $3.86 million, that can protect you from financially devastating losses. Adding to that, cyber attacks are becoming more frequent and can cause organisations huge, irreversible reputational damage. A recent example is Marriott International: data thieves stole the data of over 500 million customers in an intrusion that spanned an incredible four years; the reputational damage included a 5.6% fall in Marriott International Inc. shares alongside a class-action suit.
We recently completed our annual ISO assessment, meaning we're still fully certified and compliant with ISO 27001, as we have been since October 2012.
Once your organisation gains its ISO 27001:2013 certification, you can be confident that you comply with your business, legal, contractual and regulatory requirements. This matters especially under the EU General Data Protection Regulation (GDPR): the standard requires adequate and proportionate security controls, which helps you secure and protect your information and evidence that you are doing so.
On average it takes three to six months to become ISO compliant, depending on the size of your organisation. This is well worth it: certification gives you an edge over many competitors by providing independent evidence that your organisation follows good security practices.