ISO 27001 certification is considered among the top-ranking accreditations for information security globally. The Standard outlines best practice for an information security management system (ISMS), meaning that the ISMS has to be aligned with the organization’s business objectives and processes, as well as fulfill business, regulatory, and contractual obligations.
Achieving certification to the Standard demonstrates to your customers that your organization manages information security in line with international best practice and delivers an independent, expert assessment of whether your data is adequately protected.
Benefits of achieving ISO 27001 certification include:
- Meet increasing client demands for greater data security
- Get independently audited proof that your data is secure
- Avoid penalties and financial losses due to data breaches
- Protect and enhance your reputation
- Meet local and global security laws, such as the EU’s Directive on security of network and information systems (NIS Directive) and General Data Protection Regulation (GDPR)
It’s not as complicated as it’s made out to be
Brian Honan, author of June’s book of the month, ISO27001 in a Windows® Environment, told us that it “really struck him how complicated people seemed to think ISO 27001 was”. He also said that many people believed that ISO 27001 would “require thousands of mandates, lots of money to invest in IT equipment and systems, and would take forever to get implemented”.
You can listen to the full podcast here.
ISO 27001 can be implemented on your current Windows system
Many of the technical controls in ISO 27001 can be addressed with the built-in functionality and tools in Windows. ISO27001 in a Windows® Environment provides expert, essential guidance for everyone involved in a Windows-based ISO 27001 project. The book:
- Details the various controls required under ISO/IEC 27001:2013, together with the relevant Microsoft products that can be used to implement them
- Explains how to make the most of Windows’s security features
- Is ideal for bridging the knowledge gap between ISO 27001 and Windows security