ISO 27001 was issued on 25 September 2013 by the Indian Organization of Standards. It is a specification for an ISMS (Information Security Management System). An ISMS is a structure of policies and procedures for managing an organization's information security systematically. It aims to ensure business continuity with respect to information security by reducing risk. It can be targeted at different types of data: technical data, employee data, and customer data. An ISMS comprises a proposal for gap analysis, objectives and targets, documentation, internal audits, continual improvement, and corrective and preventive action. An organization's business faces threats such as fire and flood, and its information systems are also exposed to threats. Nowadays computer viruses and hacking are very common, and an ISMS helps an organization to reduce such risks. No matter how well protected an organization's information is, it can still be leaked by hackers.
All sections of the organization need to cooperate in the ISMS. The specification describes the planning process as:
- Define the security policy.
- Define the scope of the ISMS.
- Manage identified risks.
- Select control objectives and controls to be implemented.
- Conduct a risk assessment.
- Prepare a statement of applicability.
An ISMS is considered a beneficial tool for an organization. This standard ensures that data is secured and that the information security management system is maintained over time. The design and execution of an organization's ISMS are affected by the organization's needs and objectives, its security requirements, the organizational processes it uses, and its size and structure.
The benefits of an ISMS are as follows:
- Reduces risks.
- Ensures the security of the information system.
- Provides a competitive advantage.
- Improves the reputation of the organization.
- Reduces costs.
- Increases awareness of information security.
- Increases customer satisfaction.
By implementing an ISMS, the whole organization becomes aware of its security system. This standard is most relevant to banks, BPOs, credit card departments, hospitals and patient-related data, the development departments of engineering companies, and the IT sector. Implementing this standard helps to reduce the risks from computer viruses and to control the hacking of systems.