ISO27001 - Why bother with such high standards?

22-Sep-2018 12:34:04

In my last piece, I talked about Problem Management and how it is often confused with Major Incident management. In fact, while the two are linked, they are very different beasts. However strong your Problem Management, you must be ready for business critical incidents.

ISO27001 is generally regarded as the de facto international best practice standard for an Information Security Management System (ISMS).

However, achieving certification against the Standard is by no means an easy process. It takes a considerable investment of time and money, but most importantly requires executive management commitment. So why even bother?

We looked at some of our current clients to determine their key drivers for embarking on their ISO27001 journey.

Our most recent engagement is with a medical equipment supplier that works closely with a number of NHS and private health providers. The organisation realised that alignment to the Standard would allow it to demonstrate adherence to a variety of compliance requirements more readily, as well as assure patients that it handles their sensitive personal data responsibly.

Another client, an intergovernmental organisation, recognised that its reputation is closely linked to a unique archive of public records and determined that ISO27001 certification was the best way to provide assurance, both internally and externally, that this valuable asset is properly protected.

Finally, we are working with a travel company and a law firm who have both determined that certification would give them competitive advantage and attract more clients, especially from regulated industries and the public sector.

Compliance and the provision of client assurance are undoubtedly the most common reasons for pursuing ISO27001 certification amongst service-sector organisations, which are increasingly being asked to demonstrate how they protect their clients' data. This is especially the case for service providers acting as Data Processors, processing personal data on behalf of Data Controllers, who require assurance that processing is undertaken securely, in accordance with the seventh principle of the Data Protection Act (appropriate technical and organisational measures against unauthorised or unlawful processing, accidental loss, destruction or damage).

Whilst each of our clients has their own reasons for wanting to attain ISO27001 certification, there is one thing that has to be established from the outset and maintained up to, and beyond, certification: commitment from the highest level of management.

Executive support is required to provide overall direction and to allocate the resources needed to implement and continue to operate the ISMS. Consequently, it is vital that executives endorse the business case and understand that winning new business, simplifying compliance requirements and maintaining the business' reputation are all good reasons to aim for such high standards!

Pete Canavan