What Is ISO 27001:2013
ISO/IEC 27001 is part of the ISO/IEC 27000 family of standards; its latest version was published in 2013, with several minor updates since then. It is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under their joint subcommittee, ISO/IEC JTC 1/SC 27.
ISO/IEC 27001 specifies a management system intended to bring information security under management control, and it sets out specific requirements. Organizations that meet the requirements can be certified by an accredited certification body upon successful completion of the audit.
Requirements
- Context of the Organization
- Leadership
- Planning
- Support
- Operation
- Performance Evaluation
- Improvement
Benefits of Implementation
Companies gain many benefits by implementing this international management system standard, including:
- Maintain the confidentiality of the organization's confidential information
- Provide confidence to customers and interested parties in risk management
- Provide secure management of information exchange
- Provide a demonstration of regulatory compliance
- Provide consistency in the quality of the organization's services and products
- Manage and minimize risk exposure
- Protect company assets, shareholders and related interested parties
Consultation program
1. Gap Analysis
- Review the maturity level of the management system the company currently has in place and determine the gaps against the standard's requirements
2. Management system creation
- Create a management system at a level that makes it easier for employees to understand and implement this management system standard
3. Training
- Equip employees with a thorough understanding of a good quality management system so that they can maintain consistency in implementation even when they are no longer accompanied by a consultant
Preparation for consultation
The company needs to prepare several things before the consultation process:
- Form a committee for the implementation of the quality management system, consisting of representatives from each department
- Collect all documents currently used in managing the company
- Gather the company legality data required for registration with the certification body