Supporting Compliance For ISO 27001

ISO 27001 (ISO 27001:2013) is an international standard for implementing a best-practice Information Security Management System (ISMS). ISO 27001 accreditation requires an organisation to bring information security under explicit management control. To achieve ISO 27001, organisations are formally audited and certified. Whilst not every organisation will accredit to ISO 27001, many organisations globally use the standard as a benchmark against which to measure their security policies, processes and controls:

Ensuring appropriate control of confidential or sensitive information

Classifying or labelling data with visual (and metadata) labels to highlight any special handling requirements

Alerting users when personal data is leaving the organisation to warn or prevent them from sending messages that contain sensitive information

Educating users about the sensitivity of data whilst ensuring adherence to corporate policy

Utilising metadata labels to drive additional security controls and solutions, such as DLP, encryption and rights management

Orchestrating data management solutions, such as data retention and archiving, to ensure adherence to data storage requirements