ISO 27001:2013-Information Security Management System
In today’s business environment, information is the lifeblood for any organization. Increasingly, organizations and their information systems are exposed to security threats from a wide range of sources including computer assisted fraud, espionage, sabotage, vandalism, fire, flood etc. Computer viruses, hacking and denial of service attacks have become more common and sophisticated. An Information Security Management System (ISMS) is a systematic approach for managing sensitive company information and information entrusted to companies by third parties so that it remains secure. It encompasses people, processes and IT systems.
For an organization to succeed, its information must be:
Available when needed
Reliable
Accessible only to those who need it including customers, suppliers and other key stakeholders.
To mitigate the risk and information security breaches
To demonstrate due diligence and due care
To have a proactive approach to legal compliance, regulatory and contractual requirements
To assure the internal controls of organizations
Management’s commitment to the security of business and customers’ information
Helps organization to have competitive advantage
Any organization concerned with the security of its information throughout the supply chain.