ISO 27001 in your company
By Global Trust Association
27 May, 2019 | 15:05hrs
Today, one of the highest risks facing companies concerns the protection of the information generated by their activities and by the nature of the industry in which they operate. For this reason, a key element of company strategy is taking the actions required to keep that information secure.
To make this possible, a family of standards provides guidelines that can be formally adopted as part of a business strategy. This family is ISO 27000, covering information security, and in particular ISO 27001 and ISO 27002, which are the best known and most widely used standards for information security management in business. ISO 27001 is the standard that defines the requirements for designing, implementing, and maintaining an Information Security Management System (ISMS), which can also be certified by an entity accredited for that purpose.
As usual (although less explicitly in the most recent versions of these standards), the continuous improvement cycle known as PDCA, or the Deming cycle, is the reference framework for these standards. It defines a comprehensive system that can be applied at every level of the organization: it plans, implements, monitors, controls, and improves the actions that let an organization find the best way to protect its information through security measures and controls. These measures and controls are described in ISO 27002 (an extended version of the controls defined in Annex A of ISO 27001) and are selected on the basis of risk management, which makes it possible to identify the most critical aspects of information security that must be controlled and managed.