Simply the best

ISO 27001 provides a best-practice approach to mitigating cyber security threats faced by firms, as the vast majority of respondents to a new IT Governance survey agree. Alan Calder explains.

With increasing volumes of information stored and transmitted electronically, and online threats growing in number and severity on a daily basis, information security is unquestionably a business-critical issue in the modern world.

Every organisation is at risk from attack, and the effects can be catastrophic – whether the immediate expense of firefighting, regulatory fines and legal costs, or the long-term price of reputational damage and lost custom.

The international standard ISO/IEC 27001:2013 sets out the best-practice requirements of an information security management system (ISMS) – a risk-based approach to data security that addresses people, processes and technology. 

This approach means that service levels can be defined and monitored internally – as well as in contractor/partner organisations – by demonstrating the extent to which there is effective control of the risks for which directors and senior management are accountable.

This is an extract from an article in the March/April 2015 edition of Chartech, the magazine of the IT Faculty. 
