ISO 27001 Certification

What is ISO 27001 about?

ISO 27001 provides the requirements for an information security management system (ISMS). The system is similar in its structure and operation to the Quality Management System according to ISO 9001. Tens of thousands of companies that have implemented ISO 9001 guarantee that this model is a viable and effective management tool in every organisation.

With this approach, the information security audit is universal and independent of the nature and size of the organisation where it is implemented. Moreover, it is supposed to cover all information whose security should be managed. Sometimes information security is mistakenly equated with IT. This is a wrong approach.

Both physical paper and the spoken word must be just as well protected as electronic records, because they carry very important information. Today, effective information security management is a problem that every organisation faces.

FAQ

What are the benefits of ISO 27001 certification?
  • A certificate awarded by an independent organisation such as our certification body is proof that the certified organisation has effectively implemented and maintained an Information Security Management System.
  • It increases the credibility of the organisation and ensures that entrusted and processed information is properly protected.
  • Attracting new markets and customers. Like ISO 9001, ISO 27001 makes it possible to reach customers with stringent requirements, for whom compliance with certain standards is a prerequisite for cooperation.
  • Proof that legal requirements the organisation is obliged to comply with are met.
  • Information security management is carried out in a formalised and foreseeable manner.
  • Employees and partners know who is responsible for what and how they are to act in protecting the information they deal with. Responsibility, procedures and actions are clearly defined. The management process itself includes mechanisms for control, evaluation and improvement.
What are the legal requirements?
  • This is probably the most powerful and indisputable argument for the introduction of the Information Security Management System. Protection of certain information is absolutely required by a number of regulations and legal acts.
  • In our country there are at least a dozen or so legal acts related to the protection of certain information which even a small company must comply with (e.g. accounting, personal data). Lack of such protection may result in severe financial or criminal sanctions, either against the organisation or the persons responsible, and may even lead to the closure of the business.

 

What are business requirements?
  • Today there is no human activity which is not based on the exchange of information. In order to manufacture or process any product, apart from materials and tools, information is also necessary, either in the form of knowledge on how to do it or how to sell it, when and to whom. Most often this information is crucial to produce something, process it and sell it at a profit.
  • Nowadays, protecting information in an organisation is a fundamental need, almost like supplying electricity to the company building. Disrupting the "security level" of information leads directly to tangible financial losses, disruptions in the organisation's operations or, even worse, "unquantifiable" losses such as loss of reputation or position. Often the acquisition or disclosure of information can determine the "to be or not to be" of a company.
  • Security management is not just an internal company problem. It is also very often a problem of partners in business. Everyone is a recipient and provider of information and everyone wants to be sure that the process of mutual information exchange will take place as agreed and that it will be controlled. This is a problem that more and more co-operators are facing. Companies consciously managing information and its security look for partners at a similar level of development. This is a natural process known from quality management systems. It eliminates from the market those who are lagging behind and have not implemented information management and security. The model included in the standard allows for effective management of many aspects of information processing in a company. A well-designed and implemented system simply makes work more efficient by organising the process of information processing.

 

We invite you to contact us

Przemysław Szczurek
Senior Manager - Information Security

Tel.: +48 605 594 996
p.szczurek@tuv-nord.pl