ISO/IEC 27001 (ISMS)
Due to the wide-ranging nature of data storage and protection, you will need to involve all levels of management and all areas of your organisation to implement and maintain an effective information security management system (ISMS). Information security is as much about people as technology.
ISO/IEC 27001 controls
To implement a robust and workable system, you will need to consider the following:
- Define the scope of the system
- Define your information security policy
- Establish the security objectives of the business
- Perform an information security risk assessment
- Formulate a risk treatment plan
- Select the most suitable control methods
- Establish policies and procedures
- Implement internal review and internal audits
- Monitor the performance of controls to identify opportunities for improvement