ISO 27001:2013 is an information security standard that was published on the 25th September 2013. It supersedes ISO 27001:2005, and is published by the International Organization for Standardization (ISO). It is a specification for an information security management system (ISMS). Organisations which meet the standard may be certified compliant by an independent and accredited certification body on successful completion of a formal compliance audit.
ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). An ISMS is a set of policies, procedures, processes and systems that manage information risks, such as cyber attacks, hacks, data leaks or theft.
"Audits are about controls – you need to demonstrate that those controls are in place, documented, enforced, reevaluated and tested against regularly."
Following a four-step process cycle called PDCA (Plan, Do, Check, Act), ISO 27001 sets out how security policies are integrated into the management system itself:
- Establishing procedures for network security
- Implementation and integration of established procedures
- Monitoring of processes and their outcomes
- Corrective and preventive actions as needed
Cibernetica has an established approach based on our experience across many different sectors.
From helping to achieve senior management buy-in and reporting for your ISMS, through implementation and providing practical support during and after your audit, our proven approach ensures that you build an ISMS that is appropriate and beneficial to the needs of your business.
- Strategize, build, and certify a robust and effective Information Security Management System (ISMS).
- An experienced Cibernetica auditor will work with you from ISMS scoping through to onsite certification audit support.