Are you familiar with the benefits of ISO 27001, the standard for Information Security? Did you know that this standard can help your Organisation meet obligations under General Data Protection Regulation (GDPR)? This blog will help you understand the potential benefits of adopting ISO 27001 into your Organisation.
ISO (International Standards Organisation) 27001 describes best practice for an Information Security Management System (ISMS). In a nutshell, an ISMS is a systematic approach to processes, technology and people that I feel can really help an Organisation not just protect and manage all of its information through effective risk management, but also demonstrate this to its customers. Since adopting the standard and integrating it with our Quality Management System (ISO 9001) implementation back in 2017, that has certainly been our experience here at MAPS!
In today’s information economy, it is very likely that many of your Organisation’s most valuable assets are in digital form. Unfortunately, the convenience of the digital world comes with a downside: the cyber security risks that have become a constant fixture in the news. As digital assets are both valuable and potentially vulnerable, we naturally should strive to protect them! Of course, you will still have some physical information assets in your Organisation. Try as we may to embrace modern technology, information often still finds its way onto paper. ISO 27001 sets out how best to protect both digital and physical assets.
The standard required that our Management Team design and implement a comprehensive suite of Information Security processes, controls and forms of risk treatment (such as risk avoidance or risk transfer) to address risks deemed unacceptable. ISO 27001 also demanded that an overarching management process be put in place to ensure that Information Security controls continue to meet our Organisation’s security needs on an ongoing basis.
At the core of a good ISMS are business-driven risk assessments, which have empowered us to identify and treat security threats according to our own risk appetite and tolerance. ISO 27001 requires that management systematically examine Information Security risks, taking account of the threats, vulnerabilities and impacts. But why should an Organisation implement ISO 27001? The following are 3 reasons why we think ISO 27001 is a great standard to consider adopting:
1. Customer Reassurance
With cybercrime and data breaches on the rise, Information Security is on everybody’s mind and Organisations all over Ireland are making it a top priority. Due to the ever-rising prevalence of cybercrime, more businesses than ever are looking for security assurances from their external partners and suppliers. ISO 27001 certification gives an Organisation independent, expert verification that its Information Security practices are up to scratch, and provides substantial reassurance to any customers or partners that you engage with. A majority of Organisations certifying to the standard do so to seek a competitive advantage.
2. Regulatory Compliance
Taking a proactive approach to Information Security enables us to protect our data and intellectual capital. We know that we have taken every step possible to be fully compliant with data protection and cyber security laws, including the Data Protection Act and GDPR. Take GDPR Article 32, for example. Article 32 requires Organisations to implement a process for regularly testing, assessing and evaluating the effectiveness of technical and Organisational measures for ensuring the security of processing. Article 32 also requires Organisations to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. The implementation of our ISMS helped us effectively satisfy these regulatory requirements. Over half of Organisations cite regulatory compliance as the driver for certifying to the ISO 27001 standard.
3. Operational Best Practice
The standard is designed to be scalable, so that it can help Organisations of all sizes manage their Information Security processes and protect their data and assets. From my own personal experience of working within an ISMS environment here at MAPS, I can confidently say that 27001 has proven to be a great framework to apply to a smaller Organisation like ours. It has certainly helped our team by putting robust Information Security best practices firmly at the forefront of our day-to-day activities. That frame of mind is something that we will bring forward with us on future projects. More than half of Organisations characterise ISO 27001 as an investment that is fully justified by the benefits, and over two thirds use the standard to improve their Information Security posture.
If you would like to learn more about what’s required to get certified, head over to the National Standards Authority of Ireland’s (NSAI) webpage on ISO 27001 for more detail at