08 Nov 2018

Your security strategy is nothing without ISO27001

Cyber security isn’t easy for any organisation.

Regardless of type and size, it seems everyone is struggling to make sense of a radar screen crowded with new, constantly moving and morphing threats, any one of which could cause serious disruption or even shut down an organisation completely.

Your best chance of avoiding that fate is to be organised and vigilant in how you audit and secure data – be it yours, your customers’ or other stakeholders’. With so much to do, the question is: where do you start?


ISO27001

The International Standards Organisation (ISO) certification for cyber security compliance is ISO27001. It’s part of the ISO/IEC 27000 family of standards, of which the last version was published in 2013, with only a few minor updates since then.

It was designed to help organisations enhance their cyber security, an important part of which is fostering the right corporate culture and ensuring that the executive level makes security a top concern at all levels of their organisation.

Why you need ISO27001

In recent years, most organisations have seen significant changes in the way that they enable their employees. Most notably, there has been a sharp rise in the number of mobile devices and apps being used – authorised and not – by staff, as well as large increases in the volumes of data being transacted in the cloud.

Against this backdrop, cyber-attacks have become more targeted and sophisticated, whilst also less discriminatory – organisations big and small are equally at risk. Coupled with the fact that more and more data, including sensitive customer information, is being stored digitally, the potential impact of a breach has increased exponentially.

Not only that, these new threats have given rise to new regulations, most recently Australia’s Notifiable Data Breaches (NDB) scheme introduced in February this year, and Europe’s General Data Protection Regulation (GDPR) provisions which came into effect in May.

Achieving ISO27001 is the best way for Australian organisations to remain safe, compliant and operational in today’s complex cyber-security environment, while also enjoying important bottom-line business benefits.

Top 3 Benefits of acquiring ISO27001 Certification:

1) Putting the business in order

When a company has been growing rapidly for many years, undocumented processes and inconsistent practices can hinder future growth.

Through the process of achieving ISO27001 certification, organisations are forced to precisely define policies, procedures and controls, and therefore strengthen the internal organisation with a discipline they may not have otherwise employed. This includes things like technical security, as well as the security and viability of the business as a whole, which naturally has knock-on benefits to customers and other stakeholders who are likely to take a more positive view of the brand.

2) Compliance

Many service provider organisations – particularly in education, financial services, health or government – must comply with various regulations regarding data protection, privacy and IT governance.

The NDB scheme under the Australian Privacy Act and the European Union’s GDPR both rely heavily on the security posture of the business and the methods used to manage risk. Australian companies that fail to comply with the NDB scheme face heavy fines, as do individuals deemed to have been remiss in their duties.

3) Brand enhancement

Not only does ISO27001 provide a comprehensive PDCA (Plan, Do, Check, and Act) framework for building your Information Security Management System, but it can also translate into tangible bottom-line benefits, such as making a business proposal more appealing or holding a recognised stamp of approval that enhances brand value.

Being able to boast ISO27001 certification can give you an important point of differentiation from your competition, or it may simply put you on a level playing field. This is especially true when doing business at the big end of town, where compliance is scrutinised more closely.

It’s not uncommon, for instance, for RFPs (Requests for Proposals) to ask for ISO/IEC 27000 certifications and then use them as benchmarks during the supplier shortlisting process.


Data has quickly emerged as one of the most important assets for organisations today, if not the most important. Having it compromised can hurt companies, not just in terms of direct expense, but also through fines for compliance breaches and potentially irreparable brand damage.

Different organisations can have vastly varying requirements and exposures to risk, but an Information Security Management System (ISMS) can provide you with a framework and a place to begin. The ISMS is where the specific policies, procedures and documentation each firm needs are kept, revised and updated as circumstances require.

Talk to one of Brennan IT’s expert engineers and business consultants about getting your organisation on the right footing with an ISO27001 compliance maturity assessment or how an ISMS could benefit you.
