Standards

Information Security Management

Why does ISO 27001 matter to your business?

Most common misconception about ISO standards, including ISO 27001 is that it is an expensive set of rules that are available in binders, shared folders or intranets and then it has only one use: to collect dust or use disk space and serve as a fancy selling point when trying to sell products or services.

If those standards are nothing but many words, it means that they are not implemented - hence, not truly beneficial for an organization. Learn here how do we implement our standards in our products, services and business processes and it will become apparent why is it truly beneficial for both our customers that we comply with ISO 27001. If it is beneficial to our customers it is beneficial to us. By meeting the requirements set out in ISO 27001 we do not become flawless, but we become commited to continual improvement in respect of information security. 

How do we implement ISO 27001?

When implementing a standard the most important thing is the context. It is impossible to implement a standard is:

  • establishing a clear scope to what standard applies and the context in which 
  • setting out the aims and objectives of standard implementation
  • preparing a plan for standard implementation
  • implementing a standard
  • monitoring of a standard application and auditing
  • commiting to continuous improvement

Here is an easy example and a brief description of how we implemented ISO 27001 one of the measures of our core business processes. The example is given to you primary for you to understand our way of thinking.

Implementing that standard in any context or scope will still not mean that it is perfect.