Put into practice the requirements of ISO 27001: 2013: Information security

Information security is not restricted to IT specialists alone, even though the information system relies heavily on IT solutions. Setting up an Information Security Management System (ISMS) is entirely a strategic choice for the organization.

The purpose of the Information Security Management System is to preserve the 3 essential criteria of information - Availability, Integrity, Confidentiality - relying on a risk management process, intended to reinforce the trust of the interested parties: shareholders, customers, employees, prospects, partners, suppliers, Company.

Discover: The ISO 27001: 2013 standard is the repository of the applicable requirements if you want to implement an Information Security Management System (ISMS). This book is for anyone interested in management systems: ISO 9001, OHSAS 18001, ISO 14001, ISO 27001, ... The subject of information security is understood as quality, health and safety. employee safety (OHS) and the environment.

Interpret: A management system standard describes the requirements to be implemented within an organization. A requirement always formalizes what you need to do (the what) but by no means the way you are going to answer it (the how). Implementing pragmatic solutions while keeping the practical sense is the right approach.

Capitalize: The implementation of the ISO 27001: 2013 requirements is part of an SMI (Integrated Management System) approach, as already mentioned above. The standards ISO 9001 (quality), ISO 14001 (environment), OHSAS 18001 (Health and safety at work), currently being revised, will be part of the unified structure of management standards, as is already the norm ISO 27001 2013. With a passion for information security, you will be able to capitalize on best practices, applicable by extension to other management systems.