ISO 27001 Consulting

The ISO 27001 (ISO/IEC 27001:2005) International Standard is the most renowned information security standard in the world. It has been developed by information security experts from all over the world and is now considered to be the international state of the art. Over 6,000 organisations worldwide have already achieved certification to ISO 27001 and the numbers are rising by over 1,000 a year.

The ISO 27001 standard provides best practice guidance on designing, implementing and maintaining an Information Security Management System (ISMS) to protect the confidentiality, integrity and availability of information assets. A second standard, ISO 27002, contains a list of best practice information security controls which could be used in the ISMS. However, organisations can only be certified to ISO 27001. There is no certification for ISO 27002.

ISO 27001 has been designed for organisations of all types and sizes. It is just as relevant in a 10-person organisation as in a 10,000-person organisation. The scope of an organisation’s ISO 27001 certification can be as broad or as narrow as required. It can target the entire organisation, a single business process, a single technical system or a single physical location.

Epsilon guides companies through the often confusing maze of ISO 27001 certification to ensure that they acquire not only the certificate but an efficient, functional and maintainable ISMS that adds value to the business in its own right.

The ISO/IEC 27001 standard is closely aligned with other management system standards, including:

* the ISO 9001 standard (Quality Management);
* the ISO 14001 standard (Environmental Management); and
* the OHSAS 18001 standard (OH&S Management).

Organisations that are aligned to one of these standards (or are working towards that goal) are already well on the way towards ISO 27001 compliance and certification. We simply modify the existing management system to satisfy the requirements of ISO 27001.