With increased use of new technology to store, transmit, and retrieve information, we have exposed ourselves to increased numbers and types of threats. The overall approach to information security and the integration of different security initiatives need to be managed in order for each element to be most effective. An ISMS allows you to coordinate your security efforts effectively. The implementation of ISO/IEC 27001:2013 will reassure customers and suppliers that information security is taken seriously within your organization and that defined processes are in place to deal with information security threats and issues.
The ISMS standard can be used by a broad range of organizations – small, medium, and large – in most of the commercial and industrial market sectors: technology, finance and insurance, telecommunications, healthcare, utilities, retail and manufacturing sectors, various service industries, transportation sector, government and many others. Like its predecessor, ISO/IEC 27001:2013 specifies the processes to enable a business to establish, implement, review and monitor, manage and maintain an effective ISMS.
The final version of ISO/IEC 27001:2013, Information technology – Security techniques – Information security management systems, is available, and replaces ISO/IEC 27001:2005. The Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes, and IT systems. The international standard provides the framework for an organization to implement a globally recognized system for managing the security of its information.
The ISO 27001 standard integrates the process-based approach of ISO’s management system standards, including the Plan-Do-Check-Act cycle and requirement for continual improvement. Meeting the standard assures customers and suppliers that organizations have developed and certified their information management systems to an internationally recognized standard for security.
SRI was the first and, at accreditation, the only U.S.-based registrar to be approved by ANAB to ISO 27001. January 25, 2010 – SRI became the first and only U.S.-based and U.S.-wholly owned registrar accredited by ANAB to certify a company’s Information Security Management System (ISMS) to ISO 27001. SRI is uniquely qualified and singly committed to the growing number of U.S. companies that need ISO 27001 certification.
Compliance – ISO 27001 certification provides a management framework for continuing conformance to information security requirements. This framework can also be used to meet the legal and regulatory requirements of HIPAA, SOX, and GLBA, as well as other government and commercial contracts. And as a management framework, ISO 27001 is a better alternative to SAS 70 for companies that must have a documented, certified, or demonstrated information security program.
It has been our privilege to work with and recognize the success of so many dedicated, hard-working companies and individuals since our founding in 1991. It has been our and our clients' commitment to people, management systems, and delivering value that has made us all successful.
Since its start, SRI has been actively involved in the development of standards and their application in industry. We continue to be involved today in shaping the value of ISO registration for all companies worldwide. When you work with SRI, we bring a world of experience and expertise to work for you.