ISO 27001
INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)

Information systems play a pivotal role in the operation of organizations. This brings a large variety of information security risks that might impact the operations, client processes and the organization's ability to compete in the global marketplace. ISO 27001 is the international standard for information security.

The ISO 27001 standard provides guidelines for the implementation, execution, maintenance, monitoring and continual improvement of an Information Security Management System (ISMS). The ISMS is a structured approach to maintaining the confidentiality, integrity and availability of an organization's information assets. The ISO 27001 standard follows a structured "plan, do, check, act" cycle to continuously improve the security processes in an organization.

The most important difference between ISO 27001 and ISAE 3402 | SOC 1 is that an ISAE 3402 report explicitly reports on risk management and controls, whereas ISO 27001 is a certificate with no detailed disclosure of controls.

High Level Structure (HLS)

The ISO High Level Structure (HLS) consists of seven mandatory subjects that must be covered by the management system under the new ISO 27001 standard. Additional requirements apply for each ISO standard, depending on the subject of that standard (quality, information security, etc.). The High Level Structure enables integration of the management system across different disciplines, connecting strategic processes to operational processes. The HLS structure can easily be aligned with existing management models and procedures within organizations.

HLS (subjects) / Trust Service Criteria
Leadership

The HLS is the basic overall structure for ISO implementation and integrates different standards. The HLS is often referred to as the "plugin model". For the HLS a Context Analysis should be prepared. In the Context Analysis a mapping of internal and external risks is prepared, linked to the interests and requirements of stakeholders. Roles within the organization, responsibilities and the management policy are described in the Leadership section. In the Leadership section the management system and overall strategy are integrated and related to operational processes.

Benefits ISO 27001

ISO 27001 certification demonstrates that an organization has identified its information security risks, assessed the implications and implemented a risk control framework. This risk control framework limits any damage to systems, client processes and the organization as a whole. Generally, the benefits of ISO 27001 certification are:

Improved customer and business partner confidence. ISO 27001 certification shows that processes are in control and risks are effectively managed.

Increased business resilience. Resilience improves through a structured approach to, and management of, risks.

The Risklane approach for implementing ISO 27001 is based on industry best practices for security, risk management and internal control. Combined with our in-depth knowledge of different industries, this will improve your internal control and procedures to the best in your industry.

Alignment with customer requirements improves mutual understanding between your customers' requirements and your organization's processes.

Risklane and ISO 27001

Your organization will experience the benefits of our pragmatic and professional approach to implementing ISO standards. Among our clients are a significant number of European datacenters, SaaS providers, managed service providers, property managers and institutional investors. Risklane prepares all control frameworks in compliance with industry-specific and generally accepted compliance frameworks, such as ISO 31000, COSO 2013 and COBIT 5.0. These are considered the most advanced and professional standards in the industry and will help your customers to trust your organization.