Maybe you haven’t heard much about ISO 27001. But soon, you will. ISO 27001 is the International Standards Organization’s standard that, along with its related standards, 27002 and 27003, deals with Information Security Management Systems (ISMSs).
These days, it seems we get almost daily reminders of how vulnerable data and information are to being stolen. Home Depot’s recent hack (Aug. / Sept. 2014) is just the latest in a string of high-profile data security breaches that have resulted in the exposure of millions of credit card numbers, complete with names and addresses of the cardholders.
Clearly, as our world becomes ever more interconnected, the risk of even greater loss of information will continue to grow. Add to this the fact that it has never been easier for small businesses (without sophisticated IT departments) to start accepting credit cards and user registrations online, and you begin to realize the magnitude of the risk.
The International Standards Organization has a standard that helps companies implement procedures which can significantly reduce the risk of information theft. Implementation of this standard can not only significantly reduce the risks to your organization and its customers, it can also reduce or eliminate the potentially astronomical costs that can come with a data breach. Also, adopting the standard and getting certified to it can provide a unique marketing opportunity by allowing your company to promote the fact that it has certified systems in place to protect customer and corporate data.
ISO 27001 is so important that it may even supplant ISO 9000 as the most important standard. Why? Because while ISO 9000 deals with quality management in general, ISO 27001 deals with something with a much greater potential to negatively affect society – information and identity theft.
ISO 27001 certification is growing rapidly. In 2006, the number of companies worldwide certified to this standard was around 6,000. By 2012, that number had risen to nearly 20,000, a 333% increase in just 6 years. (Source: ISO.org, ISO Survey Results 2012)
As stated on the ISO.org website, “[an information security management system] can help small, medium and large businesses in any sector keep information assets secure.” ISO 27001 may be worth considering!
Companies already certified to ISO 27001 may want to promote that fact to their customers with our professionally designed ISO 27001 flags, banners and graphics.