Introduction to ISO 27001:2013

Information Security Management System (ISMS)

What is ISO/IEC 27001:2013?

ISO/IEC 27001:2013, commonly referred to as ISO 27001:2013, is the international standard for Information Security Management Systems (ISMS). As the name implies, it specifies how an organisation should manage information security.

It was first published in 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), which is why it is called ISO/IEC 27001. It was revised in 2013, producing the current version, ISO/IEC 27001:2013.

How can the standard help my organisation?

The Information Security Management System (ISMS) standard sets out detailed requirements for companies to establish, implement, maintain and continually improve their information security management systems. Certification to ISO 27001 validates that your organisation is committing resources to protecting the information assets it has painstakingly built or invested in.

Who will benefit from an ISO/IEC 27001 certification?

Conventionally, when we think about information security, the first things that come to mind are IT systems, on-premises servers and perhaps effective anti-virus software deployments.

In this digital age, a company's assets are no longer purely physical. They extend to data held in the cloud, elaborate cloud-hosted server infrastructure, and also to clients' identities, credit card details and even health data. The information a company holds is itself an asset that must be protected. The ISO 27001 certification provides a framework for managing and controlling information security risks, so that businesses can hold such information assets securely.


Under the certification process of the standard, organisations must put in place controls ranging from physical security, to access rights, to communications and supplier management. The key principles of the standard centre on maintaining the confidentiality, integrity and availability of information assets. Information security is a crucial element of surviving in the digital world of business, because it is how customer trust is earned. In turn, providing assurance to customers and business partners, and gaining their trust, opens up business opportunities, growth and expansion. All of this is achieved through compliance with the ISO 27001 standard.

Why Work With Stendard?

Our approach to every client organisation's certification is structured to help your team members understand the importance of staying compliant.

Our step-by-step process:

  • Listening to your team, your industry and your market interests to identify the appropriate standard(s) that apply to your company;

  • Scoping of your ISMS, with a detailed explanation of the risk management process, as well as the explanation of the certification process;

  • Ensuring the relevant Control Objectives and Controls are well-established in accordance with best practices;

  • Ensuring the competency of your team regarding ISO 27001 standards and requirements, including the conduct of training courses;

  • Providing guidance or performing annual internal audits with the relevant departments; and

  • Setting up links to the third-party auditing body or certification body.
Headquartered in Singapore, with offices in Indonesia, we are able to support you and your organisation within this region and beyond.
