What is ISO 27001?

ISO/IEC 27001:2013 is an information security standard that was published in September 2013.[1] It supersedes ISO/IEC 27001:2005 and is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.[2]

It is a specification for an information security management system (ISMS).

Organizations that meet the standard may be certified compliant by an independent and accredited certification body on successful completion of a formal compliance audit.

ISO 27001 Information Security Management System (ISMS) is a comprehensive approach to keep confidential corporate information secure. It encompasses people, processes and IT systems and helps your business coordinate your security efforts consistently and cost effectively.

It's easy to understand why clients and customers wouldn't do business with your company if you can't promise their information is protected. After all, data is one of the most valuable assets any business has today. ISO 27001 will protect your business from a comprehensive list of security threats including internet fraud, PC or laptop theft, overseeing of transactions and more.

How Can Apliso Help Your Business?

Track Non-conformances

A key requirement of ISO Management systems is the logging, tracking, correction and prevention of Non-conformances or Non-compliance. Use the Apliso NC Management system to log all your non-conformances. Allocate resources to complete corrective actions, complete effective root cause analysis and execute effective preventative action.

Customer Complaint Management

Your business or organisation depends on the speedy resolution of all customer complaints. The Apliso Customer Complaint management system allows you to quickly log a complaint and allocate the appropriate resource to correct it. This is followed by effective root cause analysis and preventative action to ensure no repeat complaints. Comprehensive reports and complaint status are standard in the system.

Business Improvements

How do you drive business improvement? Easy: you log any event, incident, or error that occurs. You allocate these events to the appropriate people to correct, and then apply effective root cause analysis and carefully planned preventative action to ensure no future event and drive improvement. Use detailed analysis to monitor and measure improvements.

Health & Safety Incidents

Occupational health and safety requirements are such that any incident or near miss must be logged, corrected and effectively closed out. Appropriate controls should be put in place to prevent further occurrences of such events. The Apliso Incident Management application allows you to comply with the requirements and effectively manage your Health and Safety requirements.

Management System Implementation

You have decided to implement or need more information on an ISO Management system (ISO 9001 Quality or ISO 14001 Environment Management or ISO 27001 Information Security Management plus more). You need assistance or advice on how to go about these requirements, what is involved, how long it will take etc. – Apliso provides this expert consulting service.

© 2015 isostandards.co.za. Legal Information

CALL: +27 87 150 5559

IS YOUR BUSINESS COMPLIANT WITH THE LATEST POPI LEGISLATION?

With the COVID-19 situation and more companies pushing people to work from home, there has been a dramatic increase in information security threats such as phishing attacks, email scams etc.

Let Apliso Help You Today

This has caused a steady increase in compliance requirements globally for protecting personal information.

POPI in South Africa was fully enacted on 1 July 2020.

GDPR (General Data Protection Requirements) has been in place for a couple of years and is the European Union's regulation regarding the protection of personal information.

These and other countries' personal information regulations all require the implementation of an ISO27001 Information Security Management System.

Why implement an ISMS?

An ISMS offers several significant benefits to both the organization and its customers especially in the protection of private information.

  • It ensures suitable security controls are in place - The intensive risk assessment and other processes involved in implementing the ISMS help to verify that any security controls and strategies are appropriate, cost effective, and prioritized to address the core security needs of the organization.

  • It demonstrates a commitment to security best practice - The existence of an ISMS is a powerful demonstration to an organization's customers of its commitment to information security. Customers can be confident that an ISMS-compliant organization understands and implements industry best practice. Certification of the ISMS provides independent and unbiased evidence of this compliance.

  • It ensures compliance with third party obligations - Many organizations will have external responsibilities with regard to the data in their possession. These may concern privacy, intellectual data ownership, or, in an increasingly regulatory environment, legal issues. An ISMS can greatly assist an organization in the fulfillment of such requirements.

  • It assists in complying with legislation around protection of personal information - There has been a steady increase in compliance requirements globally for protecting personal information. POPI in South Africa was fully enacted on 1 July 2020. GDPR (General Data Protection Requirements) has been in place for a couple of years and is the European Union's regulation regarding the protection of personal information. These and other countries' personal information regulations all require the implementation of an Information Security Management System.

How Can Apliso Help You Implement An ISMS For Your Business?

An ISMS can be a complex entity dealing with many variables. Its complexity will depend largely on the scale and nature of the owner organization, along with the volume, nature and variety of the information involved.

Apliso can help you make the implementation of the ISO 27001 Information Security Management System as streamlined and unintrusive as possible.

Many different aspects need attention to ensure the full compliance of your business.

Some of these aspects that Apliso can help you with are:

  • Scope - At the head of the ISMS is the statement of scope. This defines the logical and geographical boundaries of the ISMS: in other words, the people, places and information to which the ISMS will apply.
  • Policy - Apliso can help to generate a policy statement, which is the high-level overview of precisely what the ISMS is seeking to achieve. It should define factors such as the criteria to be applied during risk assessment and the types of security breach the ISMS will seek to protect against. It should take into consideration other policies within the organization which may have an impact on the ISMS. It also defines top-level roles and responsibilities, such as who, at management level, has approved the policy, and who is responsible for the maintenance and implementation of the ISMS.
  • Risk assessment - Risk assessment lies at the heart of the ISMS and will almost always form the largest section of its content. Apliso can help you get an accurate assessment that provides a focus for the implementation of security controls and strategies, and ensures that these controls and strategies are correctly prioritized and cost effective.
  • Risk handling strategies - All identified risks must be addressed in the most effective ways possible. Apliso can help you structure these ways so that they will be most effectively implemented to suit your business's needs.

By using the Apliso ISMS, you will be compliant with the current ISO 27001 regulations and have all your business's and customers' private information security in place.