First introduced in 2005, the ISO family of standards for managing information security has received more attention lately in the wake of increasing data breaches and security lapses. However, they’re still not as popular as HITRUST or SOC 2 audits, so in this post, we’ll specifically discuss ISO 27001, who it affects and what compliance means for your organization.
What is ISO 27001?
ISO 27001 is a compliance regulation such as PCI or HIPAA. There are about a dozen standards within the ISO family, but 27001 is the most common and the most pertinent for providing requirements regarding an Information Security Management System (ISMS). The ISO standards were first introduced in 2005, but were revised in 2013.
What is an ISMS?
Essentially, an ISMS is how you decide to approach protecting your sensitive data. That data may include financial records, medical information, internal employee data or other information entrusted to you by a third party. Your ISMS is not just the data itself but also the people, processes and technology around it, and includes a risk management process. The goal of the ISMS is to help organizations keep their information secure.
Do I need ISO 27001 compliance?
Continue reading What is ISO 27001 compliance? at Managed Data Center News.
