ISO 27001 Information Security
Managing the risks associated with operating a business in the digital age.
Information security sometimes called InfoSec is the process of safeguarding information from unauthorised access, use, destruction, modification or disclosure. Information Security is an essential component to the successful operation of any organisation.
Have you looked at our self assessment checklist yet?
We worked hard so you don’t have to. Our checklists break down the standard in plain English so you can understand the requirements and what your business needs to do to get certified.
Want to speak to someone?
If you need more information and want answers to your questions call us, our friendly team will help.
1300 495 855
ISO 27001 Information Security Key Concerns
As organisations have become more connected with increased information flows productivity has improved dramatically. The flip side to all this is that we are now more reliant on this data and information than ever before. If our organisations data becomes corrupted, destroyed or falls into the wrong hands it can have serious commercial and legal consequences.
The adoption of an information security management system is a strategic decision for an organisation; it demonstrates a commitment to managing information appropriately and responsibly.
Certification to ISO27001 provides you with an independent endorsement that your commitment to information security meets international standards. Clients, partners and other stakeholders can have confidence that your systems to protect information are appropriate, effective and have been audited regularly. Certification to ISO27001 may help you access markets, grow your client base and improve your systems.
That’s where Compass Assurance Services comes in. We get it.
What is the ISO 27001 standard all about?
The ISO 27001 standard provides a framework for the development of information security management systems. The standards include requirements for the assessment and treatment of information security risks tailored to the needs of the organisation. It’s not all about risk though. The standard also addresses opportunities that may present themselves and provides a mechanism for highlighting and capitalising on these. The requirements of the standard are generic and intended to be applicable to all organisations regardless of the size or what type of business you operate.
Determining the scope of your Information Security Management is an important initial consideration as is gaining a sound understanding of the needs and expectations of your stakeholders.
Why does and organisation need to manage its information security?
Eliminating all information security risk from your business is probably not achievable. The controls adopted should be proportional to the level of risk. One could implement very onerous controls in order to bring risk ratings down to a bare minimum only to find that we are no longer able to conduct business effectively. The key to it all is balance, and an awareness of what risks are out there.
Compass Assurance Services has experienced auditors with practical experience; we are able to work through the process, and the risk methodologies and controls you have applied to managing information security.
In summary, what are the benefits of ISO 27001 certification to my business?
- With the adoption of thestandardyou will gain an in-depth appreciation of the current and potential security threats that could severely undermine your business and/or the data and information of you and your clients.
- You will have confidence that your processes to address your regulatory and legal obligations are appropriate
- You will have gained a powerful marketing tool, which may help you win new clients, enter new markets or put you in a different league to that of your competitors.
You will have gained significant insights into how your business manages one of its most valuable commodities – information.
Four ways to protect your Information Security
ISO 27001 certification is aimed at creating and establishing processes to safeguarding information your Information Security from unauthorised access, use, destruction, modification or disclosure. Information Security is an essential component to the successful operation of any organization regardless of your size or industry.
Your business will deal with sensitive information of some sort be it employee or client details, financial information or even patents and other items of intellectual property. Here are four easy to implement tips to establish your Information Security procedures and protect your sensitive information from falling into the wrong hands.
Tip one: Know how to spot a fake email
This one may seem a little email 101 to most of us but it’s one that can be easy to disregard.
Fake emails often contain malicious attachments and web links that can contain spam or phishing content. Ensuring that all your staff are aware of the traits of a fake email and how to spot them is an essential first step to ensuring that your organisation isn’t caught out. Some things to keep an eye out for are;
- Calls for action – terms like ACT NOW or IMMEDIATE ACTION required are often seeking to confuse the reader
- Incorrect spelling or Grammar
- Be wary of giving out personal information
Tip Two: Keep your passwords close
Many people tend to use the same or similar passwords for multiple accounts, therefore if your password is compromised once there is a good chance other sensitive accounts could be compromised as well. Make sure your password isn’t one of these 25 most popular passwords. Maintaining good password hygiene and ensuring you aren’t sharing your passwords with others is a good place to start.
Tip Three: Keep your software up to date
Out of date software also makes your IT systems susceptible to malware attacks which can be a crippling occurrence to any business big or small. Software Updates often contain security patches to fend against evolving viruses and address issues and gaps within the software that such viruses can take advantage of.
Tip Four: Pay close attention when both sending and receiving invoices.
The New Zealand construction industry was recently the victim of an invoice fraud incident. Hackers were able to gain access to the email invoices from a NZ construction company and were able to reissue the invoices with fraudulent bank details. This resulted in customers paying over $100,000 into a false account. Read the full story here.
Be aware of changes to invoicing details and always seek to confirm these changes either in person if possible or over the phone with an established contact within the organisation. Care also needs to be taken when sending invoices – make sure your invoice details are correct and that invoices are being sent to the correct persons.