Data and information protection is now an important issue for governments, businesses and the public, especially after cyber-attacks drew attention to the security vulnerabilities of large corporations and organizations such as NHS hospitals and local councils.
ISO (the International Organization for Standardization) has established the Information Security Management Standard (ISO 27001) to assist all organizations, large and small, in keeping information secure and credible.
The standard helps an organization establish a framework for an Information Security Management System (ISMS) that protects its information against cyber attacks, hacking, theft and data leakage by defining and applying best practice.
ISO 27001 goes beyond IT. To provide the security organizations require, the standard covers all aspects of the business and treats risk management as a whole, building a strong security culture.
By obtaining ISO 27001, you will develop processes that cover the legal, physical, human and technical aspects of your organization and protect digital and physical assets. To do this, the standard includes a diverse set of controls.
What controls does ISO 27001 include?
The wide and deep scope of this standard includes 114 separate controls. Each control is designed to help businesses cover a different aspect of information protection. All of the controls apply, except those that are not relevant to the specific activities of your organization.
These controls are grouped in a section known as Annex A and divided into 14 categories. The categories range from formulating information security policy to defining access processes.
You can see the full list of categories below:
- Annex A.5: Information Security Policies
- Annex A.6: Information Security Organization
- Annex A.7: Human Resource Security
- Annex A.8: Asset Management
- Annex A.9: Access Control
- Annex A.10: Encryption
- Annex A.11: Physical and Environmental Security
- Annex A.12: Operations Security
- Annex A.13: Communications Security
- Annex A.14: System Acquisition, Development and Maintenance
- Annex A.15: Supplier Relations
- Annex A.16: Information Security Incident Management
- Annex A.17: Information Security Aspects of Business Continuity Management
- Annex A.18: Compliance
By applying these controls, you can ensure that your organization complies with the latest rules and regulations, keeps its security posture current through continuous improvement, and maintains strong risk management.