The value of information to an organisation cannot be overestimated. Indeed, in terms of economic potential, information largely informs organisational strategy and growth potential. Quite simply, information as an organisational asset cannot be ignored. Unfortunately, the value of organisational data is also recognised by the criminal fraternity who, apparently, will stop at nothing in an attempt to get their hands on organisational information. More disturbing is the reality that the greatest threat to an organisation often comes from within. Internal attacks by an ‘insider threat’ are likely to arise from poorly drafted and implemented policy documentation, poorly defined procedures and inadequate levels of staff awareness training.
So, how can an organisation protect its most valuable asset and, at the same time, convince other parties of their ability to handle and store data in a secure manner?
An industry-wide recognised certification process will both offer protection to an organisation’s information assets and encourage third parties to trust the organisation to handle and store data in a secure manner.
The ISO/IEC 27001:2013 Standard provides a baseline minimum set of controls which, taken collectively, provide the much sought defence-in-depth. The Standard provides an array of controls encompassing people, places, processes and technologies. Once an organisation has attained full certification to the Standard, employees, suppliers and customers may be assured of the organisation’s ability to look after information assets in an industry-accepted manner.
Certification is a badge of confidence – customers and partners will know they can do business with an ISO 27001 certified organisation safe in the knowledge their data shall receive full protection. From the organisation’s perspective, certification elicits a genuine competitive edge over rivals who have yet to attain certification. Economic principles often show that a competitive edge is usually translated into a higher profit margin. Successful certification to the Standard is a win-win situation.
Silcox Information Security offers the following ISO/IEC 27001:2013 consultancy services:
- Gap Analysis
- Risk Assessment
- Risk Remediation / Treatment Plans
- Statement of Applicability (SOA)
- Policy Development
- Staff Awareness Training
- Management Presentations
- Pre-certification Audits to ISO/IEC 27001:2013
Our consultants are qualified ISO/IEC 27001:2013 Lead Auditors, with many years’ experience of delivering information security services.