ISO/IEC 27001:2013 is an internationally recognised standard that specifies the requirements for an information security management system (ISMS). It can be used by organisations that wish to establish or improve the way they manage the security of their own information and that of their customers. The control areas the standard covers are summarised below, one entry per area. (The ten headings used here follow the domain structure of the earlier BS 7799 / ISO/IEC 17799 editions; ISO/IEC 27001:2013 Annex A regroups the same subject matter into 14 control domains.)

 

SECTOR / CONTENT

Information Security Policy
    Detailed understanding of the organisation's business objectives and definition of an appropriate information security policy.

Information Security Organisation (Infrastructure)
    Setting up a management framework that allows information security to be implemented and controlled within the organisation.

Asset Classification and Control
    Detailed inventory of the organisation's assets and designation of the level of protection each asset requires.

Personnel Security
    Reduction of the risks arising from human error, theft, fraud or misuse of corporate resources; ensuring that staff know the information security policy and apply it in their daily work.

Physical and Environmental Security
    Prevention of unauthorised access to, damage to and interference with business premises, and of any resulting loss or interruption of the organisation's activities.

Computer & Network Management
    Ensuring the correct and secure operation of information processing facilities; minimising the risk of information system failure; protecting the integrity of software and information; protecting information in networks and the supporting infrastructure.

Access Control
    Control of access to information; protection of networked services; prevention of unauthorised access to computers; detection of unauthorised activity.

System Development & Maintenance
    Ensuring that the necessary security features are built into operational systems; preventing the loss, modification or misuse of user data in applications; ensuring the secure management of software and of support activities.

Business Continuity Planning
    Establishment of a response plan for interruptions to business activities and critical business processes caused by major failures or disasters.

Compliance
    Avoidance of breaches of criminal or civil law, of regulatory or contractual obligations, and of security requirements.

The advantages of certification

  • Protection of information against a wide range of threats, which safeguards the continuity of operations and minimises operational losses.
  • Protection of the company's records and data, including intellectual property and personal data of staff and customers.
  • Accountability and responsibility for information security are clearly assigned, and those involved are briefed and trained.
  • Beyond protecting vital corporate information, certification demonstrates compliance with an international information security standard.
  • Increased trust from business partners who entrust the certified company with their information, since that information is made available to authorised personnel only.
  • A stronger competitive position, built on the trust that an implemented security policy inspires both externally (the market) and internally (the staff).

 

The Methodology applied in the design and implementation of systems according to ISO 27001 standards is shown in the diagram that follows:
