ISO 27001

What is ISO 27001

Generally speaking, ISO 27001 is an international standard on how to manage
information security.

The standard was originally published jointly by the International Organization for
Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005
and then revised in 2013 (a further revision was published in 2022). It details
requirements for establishing, implementing, maintaining and continually improving an
information security management system (ISMS), the aim of which is to help
organizations make the information assets they hold more secure.

ISO 27001 is the internationally recognized standard against which an organization's
information security management practices are audited. The standard is vendor- and
technology-neutral: rather than prescribing specific products, it requires a documented,
risk-based approach to deciding which controls are needed, and that approach covers
the organization's IT infrastructure, processes and people.

What is an ISMS

An ISMS is a defined, documented management system that consists of a set of
policies, processes, and systems to manage risks to organizational data, with the
objective of keeping information security risk at a level the organization has decided is
acceptable. Ongoing risk assessments identify the threats and vulnerabilities that need
to be managed through a set of controls, and the controls are reviewed as the risks
change.

An established ISO 27001 compliant ISMS helps you manage the confidentiality,
integrity, and availability of the data within its defined scope in a structured and
cost-effective way. Note that the scope is chosen by the organization and stated on the
certificate; data outside that scope is not covered.

ISO 27001 Logo

The image below is the certification mark for ISO 27001. Some certified companies, such
as Converge ICT, display it on their website to let visitors and users know that the
company takes the protection of data and users' information seriously. The mark is
issued by the certification body, not by ISO itself, so a reader who wants to rely on it
should confirm the certificate (and its scope) with the issuing certification body.

Why ISO 27001 is important

Reports of corporate data breaches constantly make headlines, reminding us that our
information is exposed to more risk than ever before. In 2015, data breaches,
cybercrime and hacking were top business issues that attracted much media attention
and damaged the reputation of many companies.

None of the hacked companies were certified against ISO 27001 at the time of the data
breach.

The data breach crisis escalated in 2020, as more records were compromised in just
12 months than in the previous 15 years combined.

Ransomware attacks surged with tragic consequences, as hospitals were specifically
targeted. Several high-profile organizations went out of business in 2020, and surviving
organizations had to implement business continuity measures quickly in response to the
COVID-19 pandemic or face ruin.

This was often at the expense of cybersecurity and bypassed long-standing corporate
policies, leaving many exposed to exploitation by highly organized and sophisticated
threat actors, as well as by more opportunistic attackers.

In November 2020, Microsoft said at least nine health organizations, including Pfizer,
had been targeted by state-backed groups in North Korea and Russia.

It said that Fancy Bear from Russia and Zinc and Cerium from North Korea were the
responsible groups. They targeted vaccine information using brute-force login attempts
and phishing emails that posed as the World Health Organization in an attempt to trick
employees into handing over their login credentials.

ISO 27001 Certification

ISO 27001 is a management standard that was designed from the start to allow
organizations to be certified. The system works like this: a company (or any other type
of organization) develops its Information Security Management System (ISMS), which
consists of policies (e.g., an Information Security Policy), procedures (e.g., risk
assessment), people (e.g., an internal auditor), technology (e.g., cryptography), etc.,
and then invites an accredited certification body to audit whether the ISMS complies
with the standard. If the certification audit is successful, the ISMS is certified against
ISO 27001 for the scope stated on the certificate, and it is subject to periodic
surveillance audits to keep that certification.

What Google, Facebook, Amazon, Microsoft, Apple, Atlassian, GitHub and GitLab have in
common

They are all ISO 27001 certified. Certification shows that they run a managed,
independently audited process for protecting the sensitive information we entrust to
them; it is not a guarantee against breaches. In the Philippines, companies like Globe,
PLDT, Converge and BDO are also certified.

It is becoming a de facto expectation that a company follows a recognized set of
standards to protect users' information.

Being ISO 27001 certified gives your clients confidence that you treat their
information seriously. It demonstrates corporate due diligence and supports compliance
with regulatory and contractual requirements regarding data security, privacy and IT
governance. Clients checking a supplier's certificate should confirm that the services
they use fall within the certified scope.

Benefits of ISO 27001 Certification

1. Protect your data, wherever it lives - An ISO 27001-compliant ISMS helps protect
all forms of information within its scope, whether digital, paper-based, or in the cloud.
2. Defend against cyber attacks - Implementing and maintaining an ISMS reduces your
organization's cyber security and data breach risk by making sure controls are chosen,
operated and reviewed deliberately rather than ad hoc.
3. Reduce information security cost - Thanks to the risk assessment and analysis
approach of an ISMS, organizations can avoid spending on indiscriminately added layers
of defensive technology that do not address their actual risks.
4. Respond to evolving security threats - ISO 27001-compliant organizations are
better able to respond to evolving information security risks because the standard
requires risk assessments to be repeated and controls to be updated accordingly.
5. Establish an information security culture - With ISO 27001 embedded in the
organization's culture, employees are more aware of information security risks,
and security measures reach across all parts of the organization.
6. Meet contractual obligations - Certification demonstrates your organization's
commitment to information security and provides evidence that you have formally
committed to operating and maintaining information security controls.