ISO 27001 Benefits


Short PowerPoint presentation for management that describes the benefits of ISO 27001 and the process of its implementation.

Published in: Technology, Business

  1. Benefits of ISO 27001
  2. About ISO 27001
     - Leading international standard for information security management
     - By the end of 2009, more than 12,000 organizations worldwide were certified against this standard
     - Its purpose is to protect the confidentiality, integrity and availability of information
  3. ISO 27001
     - It is not a technical standard that describes the ISMS in technical detail
     - It does not focus only on information technology, but also on other important assets of the organization
  4. ISO 27001
     - Focuses on all business processes and business assets
     - Focuses on reducing the risks to information that is valuable to the organization
     - Information may or may not be related to information technology, and may or may not be in digital form
  5. ISO 27001 benefits
     - Better organizational image because of the certificate issued by the certification body
     - Lower costs because of the avoided risks
     - Operations in the organization run more smoothly because responsibilities and business processes are clearly defined
  6. Process of ISO 27001 implementation
     - Phase 1 - Planning
     - Phase 2 - Implementing
     - Phase 3 - Checking
     - Phase 4 - Improving
  7. Planning the ISMS
     - Policy and objectives
     - Risk assessment & risk treatment
     - Risk Assessment Report
     - Statement of Applicability
  8. Implementing the ISMS
     - 4 mandatory procedures
     - Risk Treatment Plan
     - Implement all controls
     - Conduct training and awareness
  9. Checking the ISMS
     - Execute monitoring and reviewing procedures
     - Measuring the effectiveness of controls
     - Internal audit
     - Management review
  10. Improving the ISMS
     - Corrective actions
     - Preventive actions
  11. Requirements for successful implementation
     - Management support (available people + funding)
     - Project team
     - Awareness of employees
  12. Duration of implementation
     - For very small organizations (fewer than 10 employees) - up to 4 months
     - For small organizations (10 to 50 employees) - up to 8 months
     - For medium-sized organizations (50 to 500 employees) - up to 12 months
     - For large organizations (500 or more employees) - up to 18 months
  13. Cost of implementation
     - It is not possible to calculate the cost before the risk assessment is completed and the applicable controls are identified
     - The majority of the investment is usually not in technology, but in the employees who implement the ISMS (invested time + training)
  14. For more useful information: