ISO 27001 is an Information Security Management Standard (ISMS), published in October 2005 by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC)
Essentially an updated version of the old BS7799-2 standard, ISO 27001 provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within an organisation. Taking into consideration a specific organisation’s overall perceived risk, it details requirements for the implementation of security controls, suited to the needs of individual businesses.
Many organisations will have information security controls in place, but what many are lacking (and what ISO 27001 covers) is the need for a management approach to these controls.
ISO 27001 Standards
The ISO 27001 standard is an optional certification that provides a structured approach when implementing an Information Management System. If an organisation takes the decision to adopt this standard, the specific requirements stipulated by ISO 27001 must be followed, as auditing and compliance checks will be made.
ISO 27001 requires that management within the organisation must:
- Systematically assess the organisation’s information security risks, taking account of the threats, vulnerabilities and impacts.
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that it deems unacceptable.
- Adopt an all-encompassing management process to ensure that the information security controls continue to meet the organisation’s information security needs on an ongoing basis.
What are the implications of ISO 27001 in terms of file transfer?
If your organisation has adopted the ISO 27001 Information Security Management standard, you must ensure that any file transfer solution purchased, will adhere to your implemented IMS.
Our specialists at Pro2col can help you to source and implement a ISO 27001 certified, secure file transfer solution to suit your business requirements. Please contact Pro2col on 0333 123 1240 for more information.