ISO 27001:2013-Information Security Management System
In today’s business environment, information is the lifeblood of any organization. Increasingly, organizations and their information systems are exposed to security threats from a wide range of sources, including computer-assisted fraud, espionage, sabotage, vandalism, fire and flood. Computer viruses, hacking and denial-of-service attacks have become more common and sophisticated. An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information, and information entrusted to companies by third parties, so that it remains secure. It encompasses people, processes and IT systems.
The Importance of Information Security
For an organization to succeed, its information must be:
- available when needed
- accessible only to those who need it, including customers, suppliers and other key stakeholders
- To mitigate risks and information security breaches
- To demonstrate due diligence and due care
- To have a proactive approach to legal compliance, regulatory and contractual requirements
- To assure the internal controls of organizations
- Management’s commitment to the security of business and customers’ information
- Helps the organization to have a competitive advantage
Any organization concerned with the security of its information throughout the supply chain.