For information security within any business or organisation, it is important to understand risk management standards and procedures. Compliance with the ISO/IEC 27001 code of practice is essential to the safety and availability of a company’s business data.
Information security within an organisation is the responsibility of the figurehead, whether it is the CEO, the owner or Information Security Officer, the leading member of the division should obtain a copy of the standard ISO/IEC 27002 code of practice and read through it, Svana Helen Bjornsdottir advises. It is a management standard that is essentially an overview of the best practices to ensure integrity and confidentiality of business data.
“Risk Assessment is only one part of three steps required for a full implementation of ISO/IEC 27001. The other two are Business Continuity planning and development of an Organisational Manual such as procedures, processes and policies” Bjornsdottir said.
Bjornsdottir, CEO of Stiki, is an ISO/IEC 27001 Certified Lead Auditor, Consultant and Trainer has many years of experience helping companies implement management systems. Bjornsdottir has recently published guidelines for small companies on how to achieve ISO/IEC 27001 certification.
The guidelines have been published in 3 steps with each focusing individually on these main concerning areas; Risk Management, Business Continuity Management and Workflows, Processes and Policies.