ISO 27001
The standard was originally published jointly by the International Organization for
Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005
and then revised in 2013. It details requirements for establishing, implementing,
maintaining and continually improving an information security management system
(ISMS) – the aim of which is to help organizations make the information assets they
hold more secure.
ISO 27001 is the internationally recognized and respected standard that determines whether a
company is following information security best practices. This vendor-neutral
standard applies an exacting, risk-based approach to assess how well data is secured in
an organization, covering IT infrastructure, processes and people.
What is an ISMS?
Having an established ISO 27001 compliant ISMS helps you manage the confidentiality,
integrity, and availability of all corporate data in an optimized and cost-effective way.
The image below is the official logo of ISO 27001. Some certified companies, such as
Converge ICT, display it on their website to let visitors and users know that the company is
serious about implementing data security and protecting user information.
Why ISO 27001 is important
Reports of corporate data breaches constantly make headlines, reminding us
that our information is less secure now than it has ever been. In 2015,
data breaches, cybercrime and hacking were top business issues that garnered much
media attention and compromised the integrity of many companies.
None of the hacked companies were certified against ISO 27001 at the time of the data
breach.
The data breach crisis escalated last year, as more records were compromised in just
12 months than in the previous 15 years combined.
This often came at the expense of cybersecurity and bypassed longstanding corporate
policies, leaving many organizations exposed to exploitation by highly organized and sophisticated
threat actors, as well as by more opportunistic hackers.
In November, Microsoft said at least nine health organizations, including Pfizer, had been
targeted by state-backed groups in North Korea and Russia.
It said that Fancy Bear from Russia and Zinc and Cerium from North Korea were the
groups responsible. They targeted vaccine information using brute force and
phishing tactics, posing as the World Health Organization to trick employees into
handing over their login credentials.
ISO 27001 is a management standard that was initially designed for the certification of
organizations. The system works like this: a company (or any other type of organization)
develops its Information Security Management System (ISMS), which consists of
policies (e.g., an Information Security Policy), procedures (e.g., risk assessment), people
(e.g., an internal auditor), technology (e.g., cryptography), etc., and then invites a
certification body to audit whether the ISMS complies with the standard. If the
certification audit is successful, the ISMS is certified against ISO 27001.
What do Google, Facebook, Amazon, Microsoft, Apple, Atlassian, GitHub and GitLab have in
common?
They are all ISO 27001 certified. This makes them trustworthy custodians of our sensitive
information. In the Philippines, companies like Globe, PLDT, Converge and BDO are also
certified.
Being ISO 27001 certified gives your clients confidence that you take the protection of their
information seriously. It demonstrates corporate due diligence and shows
compliance with regulatory and contractual requirements regarding data security,
privacy and IT governance.
Sources
https://www.convergeict.com/about-us/
https://smart.com.ph/About/newsroom/press-releases/corporate/2020/12/02/pldt-smart-leads-in-asia-and-emerging-markets-ranks-4th-worldwide-in-world-benchmarking-alliance-s-report-on-digital-inclusion
https://m.mobilelegends.com/en/newsdetail/475
https://www.itgovernanceusa.com/iso27001
https://pecb.com/whitepaper/no-iso-27001-certified-companies-among-largest-data-breaches-2014-2015
https://www.bbc.com/news/technology-54936886
https://advisera.com/27001academy/iso-27001-certification/