ISO27001 Information Security Management Systems for those serious about protecting information is Easily controlled and monitored with ZEBSOFT.
An ISO27001 Information Security Management System is an essential if you are in an environment where GDPR applies to your practices to a greater extent, or where the protection of your intellectual rights is paramount.
The way in which the rules are applied is dependent on the context of your organisation. For example if you hold client data/information and develop Software as a Service, the rules will be applied in much more depth than if you only hold your own information. To avoid confusion let’s keep it simple.
Achieving IS27001 the information security management system is based around the pillars of Confidentiality, Integrity & Availability (CIA), its foundation operates in the same framework as ISO9001 however it is accompanied by the Annex A controls, these are a list of 144 controls that if applicable must be adopted and if not applicable justified as an exclusion.
ISO27001 Certified organisations include: Amazon, Microsoft, GE Digital, Hewlett Packard (HP), DELL, IBM, Zoho, Workplace (Facebook), Kongsberg,
Achieving ISO27001:2013 in simple terms here it is:
- You will have determine, produce and manage the following:
- Your method of doing things, these will be your business processes and you will show how all interact with each other
- You will need a number of policies as defined by the Annex A controls
- Objectives will need to be set for infosec across the business and be monitored and maintained.
- An explanation of your business will be required this is the context of the organisation
- To define what it is you do exactly you will create your business scope
- How your business and how it stores & processes data/information
- Managing the manufacture of safety related products where applicable
- Employees must be empowered to report infosec incidents and report non conformance
- You must communicate infosec requirements with your suppliers and customers maintaining control
- Determine the Annex A controls that apply to your operations
- Create shut down and restart procedures
- language interaction (Verbal & Machine Code)
- Work instructions and communicate them effectively
- Documented procedures & processes
- See More
- What you do within your process (Audit)
- Make corrections when things that are wrong (CAPA)
- Plan the way forward for production ad the business as a whole (Management Review)
- See More
- Know who is and why they interested in your business how to communicate with them
- Who will be communicated with, when and how by whom
- See More
