Spirit UK is currently assisting Payzone UK with the implementation phase of the project, which requires in-depth knowledge of security as well as of the requirements of the standard.
For those who want to learn more about ISO 27001, here is a detailed description of it.
ISO 27001 is an international standard that provides a model for establishing, implementing, monitoring, reviewing, maintaining and improving the ISMS (international information security management system).
Interested parties use this standard when they transmit or store data, which is an advantage when one is looking for a supplier or customer. Given the certification requirements set by certification companies, one can freely say that this increases organizations' interest in complying with the requirements of this standard.
An information security management system emphasizes the importance of organizations implementing the following requirements:
• Understanding the importance of information security, the establishment of policies and objectives for information security;
• Implementation of operating procedures for the control and management of security risks;
• Monitoring and reviewing the effectiveness and efficiency of information security management system;
• Ensuring continuous improvement of security on the basis of operations.
Acquisition of ISO/IEC 27001 proves that the organization implements the requirements specified in this standard, and that the information security management system is regularly tested and audited. This standard functions according to the PDCA model (Plan-Do-Check-
When authenticating an ISO 27001 certificate, the scope of certification for which the certificate was issued should always be taken into consideration as well. It rarely happens that the certificate is issued for only one part of the organization (in cases where the organization has multiple offices or working bases); in such cases it would be best for the organization to bring its operations into compliance with the standard at the level of the entire organization. During the implementation of this standard it is necessary to prepare appropriate documentation, but the manner in which that documentation is controlled and applied is more important.
Many organizations have some form of information security, but it is informal and the structures of that system are not interconnected. In such forms of information systems security, where areas of risk are not clearly defined, potential security risks may arise.
ISO 27001 contains over 135 control points that would ensure a systematic review of the information. These include control of HR processes, the preparation of documents, and maintaining the business through planning, at all levels of the organization.