ISO 27001: Information security management

NEN-EN-ISO 27001 is an international standard for the information security management system (ISMS) of an organization. The ISMS focuses on managing sensitive company information so that it remains secure. The standard is used both internally and externally to evaluate or determine if the organization conforms to the legal requirements and the organization’s own policy to keep information assets secure.

The criteria for the ISMS are designed to facilitate:
– Developing structural plans (documentation) and defining and coordinating the organization’s processes and activities in accordance with information security
– Determining information security risks and their impact, prioritizing these risks, and taking preventive and corrective actions
– Deciding on and acquiring the supporting goods and services, such as machines, materials, people and space, needed to conform to information security
– Continuously monitoring, measuring and examining the level of information security
– Taking appropriate actions by adjusting and implementing plans, processes and activities to improve performance in information security within the organization

ISO 27001 is intended to be applicable to any organization, regardless of its size, industry or the products and services it provides. The ISMS is often required and implemented by IT organizations. This management system can also be of great value for other (non-IT) organizations that work with physical and digital confidential documents and information.

Using this standard helps you decrease information security risks and improve the ISMS in your organization. This is achieved by continual structural management and improvement of the security system. In addition, it reduces the risk of potential financial loss and damage to the company’s brand image. A strong image in the area of information security performance is increasingly required and necessary for contracts. A certificate for this standard shows that you ensure the protection of valuable data and information from your organization, stakeholders and clients.