What is ISO 27001?
ISO/IEC 27001:2013—more commonly known as ISO 27001—is the leading international standard for information security. It was established in 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
This international standard was developed to help organisations around the world manage risks associated with information security threats through the adoption of an Information Security Management System (ISMS).
The ISO 27001 scope
ISO 27001 specifies the requirements for establishing, implementing, maintaining, and continually improving an ISMS. It requires organisations to identify information security risks and put appropriate processes (known as ‘controls’) in place against those risks.
There are a total of 114 security controls that organisations must implement to obtain ISO 27001 certification. These controls fall into 14 categories:
1 – Information Security Policies
2 – Organisation of Information Security
3 – Human Resources Security
4 – Asset Management
5 – Access Control
6 – Cryptography
7 – Physical and Environmental Security
8 – Operational Security
9 – Communications Security
10 – System Acquisition, Development and Maintenance
11 – Supplier Relationships
12 – Information Security Incident Management
13 – Information Security Aspects of Business Continuity Management
14 – Compliance
Why ISO 27001 is important
With the growing threat of cyber-attacks, data leaks or theft, as well as GDPR placing data protection at the forefront of every organisation’s agenda, sharing confidential data with third parties has become a critical risk area for companies.
From the breach of personally identifiable information (PII) to the loss of crucial business information with no hope of recovery, it is essential for companies to apply more stringent criteria when selecting a third-party supplier.
This is where ISO 27001 certification comes in. It guarantees that the ISO-certified company:
- has a robust security system in place
- has implemented proactive and preventative measures to protect confidential data
- has established detailed procedures to prevent or respond to security incidents and breaches, reducing risks and keeping disruption to a minimum
- has evidence of compliance with GDPR
This certification demonstrates to key stakeholders, including their clients and potential clients, that Ronspot takes the management of information seriously and complies with world-recognised standards in this area. Well done to Michael and all the team at Ronspot for a great achievement.
Kieran Ryan – ISO QSL
What ISO 27001 means to our customers
At Ronspot, we are audited twice a year by an external examiner to maintain the required data security discipline. This is to ensure continuous compliance with the ISO 27001 standard.
Additionally, the Ronspot software is subject to a penetration test once a year, conducted by an external cybersecurity expert. The aim of this authorised, simulated cyberattack is to evaluate the security of the system and to identify and resolve potential vulnerabilities.
If you wish to learn more about Ronspot security measures, please contact us and we will be happy to share with you a copy of the relevant ISO 27001 policies.
Your data is in good hands with Ronspot.