The ISO 27001:2013 or the standard for ‘Information technology— Security techniques — Information security management systems — Requirements’ to use its official title provides a structure for the safeguard of the information of value and importance to a business or organisation irrespective of its format.
The standard suits larger enterprises although smaller enterprises have implemented the standard for many different reasons. Whilst the cost of implementation and maintenance can be significant, most businesses will have conducted a cost-benefit exercise to demonstrate its value.
Another approach adopted by many businesses and organisation is to ‘align’ their security structure to that of the standard thereby achieving the benefits of the policies and processes but without necessarily incurring the higher implementation costs or the costs of the regular internal and external audit processes.
To request an initial discussion about the ISO 27001 standard click here or telephone 020 3195 3957.