IT systems and information security are developing and changing at a rapid pace. To keep up with new demands, the ISO (International Organisation for Standardisation) created a family of extensions and codes of practice that link up with its information security management Standard, ISO 27001.
Together, they create a more comprehensive information security management system that can be adapted to suit the unique needs of your business.
ISO 27001 is the international Standard for Information Security Management. It was developed by the ISO to give businesses appropriate security measures to protect information and prevent it from being accessed, corrupted, lost or stolen.
To do this, the Standard features 114 controls that set out processes and procedures for controlling legal, physical and technical risks to information security. This enables businesses to create a robust information security management system (ISMS) to keep information safe.
To create an even more tailored ISMS, ISO 27001 can then be combined with ISO 27017, ISO 27018 and ISO 27701.
ISO 27017 builds upon ISO 27001's framework to create controls specific to cloud service providers.
The ISO also lays out responsibilities that should be followed by cloud clients to ensure IT teams know what they need from their cloud platform.
ISO 27018 provides a code of practice for cloud service companies that are also processors of personally identifiable information (PII).
With relevant controls, the ISO helps businesses to keep information processed from the cloud safe.
ISO 27701 helps businesses to protect data privacy and manage personal information.
It creates a system of processes for a Privacy Information Management System (PIMS) that helps businesses to assess, react to and reduce risks linked to the collection, storage, management and processing of PII.