What is ISO 27001 and why you should get compliant
TRANSCRIPT
© 2016 Stickman Consulting Pty Ltd 1
What is ISO 27001 and why you should get compliant. By Ajay Unni, CEO, Stickman Consulting
What is ISO 27001?
ISO 27001 is the specific standard that sets out the requirements for an information security management system (ISMS).
It is part of the ISO 27000 family of standards that outlines how organisations can keep information assets secure.
How do you become ISO 27001 compliant?
To achieve ISO 27001 certification, you must comply with the 14 mandatory requirements for certification. This means ensuring that each of these 14 mandatory requirements is present and fit for purpose.
What are the 14 mandatory requirements?
1. Information security management system scope
2. Information security policy
3. Information security risk assessment process
4. Information security risk treatment process
5. Information security objectives
6. Evidence of competence of people working in information security
7. Other ISMS related documents deemed necessary by the organisation
8. Operational planning and control documents
9. The results of the risk assessment
10. The decisions regarding risk assessment
11. Evidence of the monitoring and measurement of information security
12. The ISMS internal audit program and the results of the audits conducted
13. Evidence of top management reviews of the ISMS
14. Evidence of nonconformities identified and corrective actions arising
4 reasons you should get compliant
1. Gain a competitive edge
2. Avoid financial loss
3. Ensure data privacy and integrity
4. Define information handling responsibilities
1. Gaining a competitive edge
• ISO 27001 compliance displays a pro-active approach to data security.
• Enhances ability to win tenders.
• Helps to access global markets.
• Removes the audit requirement for every new client.
2. Avoid financial loss
• Reduce incidents and reduce expenses to resolve them.
• Avoid fines and penalties.
• Make more informed decisions on risk management.
• ISO 27001 can be integrated with other standards to streamline maintenance.
3. Ensure data privacy and integrity
• ISO 27001 is the most reliable way to manage data.
• Reduce severity of threats to information.
• Reduce probability of legal prosecution due to data breaches.
• ISO 27001 procedures enable detection of security breaches.
• Allows separation of affected data, allowing easier rectification.
4. Define information handling responsibilities
• ISO 27001 creates a culture that is conscious of information security.
• Define decision makers and those responsible for authorising access to information.
• ISO 27001 makes information security a priority for senior management.
• Reduces employee-related security breaches via security awareness and training programmes.
Summary (slide diagram): Data Security Risk, with the labels Negligence, Opportunistic, Reputation and Cost.
P: 1800 785 626
E: [email protected]
Level 11, Suite 2, 210 George Street, Sydney NSW 2000
Thank you!