ISO 27001 (ISO 27001:2013) is an international standard for the implementation of a best practice Information Security Management System (ISMS). ISO 27001 accreditation requires an organisation to bring information security under explicit management control.
To achieve ISO 27001, organisations are formally audited and certified. Whilst not every organisation will accredit to ISO 27001, many organisations globally use the standard as a benchmark against which to measure their security policies, processes and controls.
ISO 27001 requirements, such as document labelling and classification, are designed to prove that businesses are serious about data security. The international standard also requires:
- Classification of all information;
- Systematic assessment of the organisation’s information security risks, threats, vulnerabilities and impacts;
- Design and implementation of a comprehensive suite of information security controls and risk treatment (such as risk avoidance or risk transfer) to address unacceptable data security risks;
- An overarching management process to ensure information security controls continue to meet the organisation’s evolving security needs.
ISO 27001 amounts to a standard of best practices for information security. Whilst non-compliance will not incur expensive fines or criminal liability, choosing not to adopt a widely-recognised best practice leaves an organisation vulnerable to loss of reputation and business in the event of a data breach.
- Boldon James Data Classification products support ISO 27001 certification and adherence to best practice security by allowing users to identify key data & make decisions about how it is stored and transmitted.
- Classification of all information assets might seem a large task to an organisation with no data structure, but tools such as Boldon James Power Classifier can quickly and effectively classify vast legacy data archives, whilst tools such as Office Classifier and Email Classifier support users in the classification of new data.
Boldon James Data Classification products support ISO 27001 compliance by:
- Labelling or protectively marking documents to identify information requiring special handling.
- Educating users about the sensitivity of information & ensuring adherence to policy with the application of visual labels.
- Making users aware when sensitive or unauthorised data is leaving the organisation, or warning or preventing users from sending messages that contain highly sensitive information.
- Providing audit logs on classification events which can be analysed in the Classifier Reporting tool.