ISO/IEC 27001:2013
ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance.
Office Beacon is 27001 audited and certified.
ISO 27001:2013 (formally known as ISO/IEC 27001:2005) is a specification for an information security management
system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical, and technical controls
involved in an organization’s information risk management processes.
ISO 27001 requires that management do the following:
- Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts.
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment to address those risks that are deemed unacceptable.
- Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.
The ISO 27001 process includes a very formal requirement around “corporate” policies and procedures and around “continuous improvement.” It specifies that companies cover a self-evaluation process that judges and improves the suitability and adequacy of the information security management system (ISMS) as well as its effectiveness. ISO 27001 requires that this self-evaluation process be in place and one “cycle” of improvement be demonstrated before certification can be granted. As such, it takes the longest time of all the compliance profiles to achieve.