ISO 27000 - A Basis for Business Security Strategies
ISO 27001 has been adopted by many large enterprises as a standard to align management processes with information security in order to protect an organisation's most valuable assets. The guiding principles of the standard set the path to implementing good information security across the business and provide a platform to raise the profile of security.
Full certification to the standard, which includes an audit every three years and surveillance audits every six months, demonstrates an organisation's commitment to the protection of company data and systems. This is particularly important for companies that protect critical information as part of their business or that manage information on behalf of others.
Those who are aligned to the standard see it as having created a more efficient, focused and secure business, but as with any investment in new processes within the enterprise, there needs to be a clear business case to achieve that crucial buy-in from executives.
Information and governance professionals within large enterprises are concerned not just about sign-off for investment but also about how the standard will dovetail into other processes and methodologies, and how to ensure that suppliers are toeing the line if they are managing critical company data.
"The Corporate IT Forum is a fantastic level check, free of vendor sell and consultancy hype. I like the open sharing of experience…"
"We get valuable knowledge and experience from members of The Corporate IT Forum. This helps us to make better and informed decisions to reach our business goals…"
"The knowledge from other people on what they are doing/have done is invaluable to my team"
"The workshop validated the marketplace for supplier apps; participants were of a uniformly high standard; personally, I value highly the ethos of the Forum in the fact that it is supplier independent"