Data and information protection is now a hot topic for the government, businesses and the public, particularly after significant cyber-attacks have drawn attention to the security weaknesses of large businesses and organisations such as NHS hospitals and local councils.
To help all organisations, large and small, keep their information safe and their reputations intact, the ISO (International Organisation for Standardisation) developed ISO 27001, the Standard for information security management.
This Standard helps organisations to create a framework for an information security management system (ISMS), which helps to protect your information from cyber-attack, hacks, theft and data leaks by developing best practice.
But ISO 27001 goes beyond IT. To give organisations the security they need, this comprehensive Standard encompasses all aspects of a business, developing risk management throughout for a robust culture of security.
This means that you will develop processes that cover the legal, physical, human and technical aspects of your organisation, protecting both digital and physical assets.
To do this, the Standard includes a diverse set of controls.
What controls does ISO 27001 include?
The Standard's wide and in-depth scope covers 114 separate controls. Each control has been developed to help businesses address a particular aspect of information protection. All controls are implemented unless they are not relevant to your organisation’s particular activities.
These controls are gathered together in a section known as Annex A, which is then split up into 14 categories. These categories cover everything from developing an information policy to creating access processes.
You can see the full list of categories below:
Annex A.5: Information security policies
Annex A.6: Organisation of information security
Annex A.7: Human resource security
Annex A.8: Asset management
Annex A.9: Access control
Annex A.10: Cryptography
Annex A.11: Physical and environmental security
Annex A.12: Operations security
Annex A.13: Communications security
Annex A.14: System acquisition, development and maintenance
Annex A.15: Supplier relationships
Annex A.16: Information security incident management
Annex A.17: Information security aspects of business continuity management
Annex A.18: Compliance
By applying these controls, you can ensure that your organisation remains compliant with the latest regulations and legislation, stays up to date through continual improvement and boasts robust risk management.
To find out more about the controls of ISO 27001 and what they involve, head over to our dedicated web page, which includes a comprehensive summary of each control featured in the Standard.