What is ISO 27001 and why you should get compliant

By Ajay Unni, CEO, Stickman Consulting
© 2016 Stickman Consulting Pty Ltd

Uploaded by ajay-unni, 06-Apr-2017


What is ISO 27001?

ISO 27001 is the standard that specifies the requirements for an information security management system (ISMS).

It is part of the ISO 27000 family of standards that outlines how organisations can keep information assets secure.


How do you become ISO 27001 compliant?

To achieve ISO 27001 certification, you must have the 14 mandatory documents and records listed on the next slide in place.

It is not enough for them to exist: each must be present, maintained and fit for purpose when the certification auditor reviews it.


What are the 14 mandatory documents and records?

1. Information security management system scope
2. Information security policy
3. Information security risk assessment process
4. Information security risk treatment process
5. Information security objectives
6. Evidence of competence of people working in information security
7. Other ISMS-related documents deemed necessary by the organisation
8. Operational planning and control documents
9. The results of the risk assessment
10. The results of the risk treatment (the treatment decisions taken for each assessed risk)
11. Evidence of the monitoring and measurement of information security
12. The ISMS internal audit programme and the results of the audits conducted
13. Evidence of top management reviews of the ISMS
14. Evidence of nonconformities identified and the corrective actions arising from them


4 reasons you should get compliant

1. Gain a competitive edge
2. Avoid financial loss
3. Ensure data privacy and integrity
4. Define information handling responsibilities


1. Gaining a competitive edge

• ISO 27001 compliance demonstrates a proactive approach to data security.
• Enhances the ability to win tenders.
• Helps to access global markets.
• Reduces the need for a separate security audit by every new client, since a current certificate can be presented as evidence instead.


2. Avoid financial loss

• Reduce incidents and reduce the expense of resolving them.
• Avoid fines and penalties.
• Make more informed decisions on risk management.
• ISO 27001 can be integrated with other standards to streamline maintenance.


3. Ensure data privacy and integrity

• ISO 27001 provides a systematic, auditable way to manage data.
• Reduce the impact of threats to information.
• Reduce the probability of legal prosecution following a data breach.
• ISO 27001 procedures (monitoring, measurement and internal audit) enable detection of security breaches.
• Supports isolating the affected data during an incident, which makes rectification easier.


4. Define information handling responsibilities

• ISO 27001 creates a culture that is conscious of information security.

• Defines who the decision makers are and who is responsible for authorising access to information.

• ISO 27001 makes information security a priority for senior management.

• Reduces employee-related security breaches via security awareness and training programmes.


Summary (slide diagram): Data Security, surrounded by the terms Negligence, Opportunistic, Reputation, Cost and Risk.


P: 1800 785 626
E: [email protected]

Level 11, Suite 2, 210 George Street, Sydney NSW 2000

Thank you!