ISO 27000 - A Basis for Business Security Strategies

Download this Corporate IT Forum Output Report. The report has been compiled based on the shared experiences of 21 corporate IT professionals representing 14 different organisations from industries including charity, construction, consulting, government, healthcare, international food group, international law, logistics, petroleum, transport and utilities.

ISO 27001 has been adopted by many large enterprises as a standard to align management processes with information security in order to protect an organisation's most valuable assets. The guiding principles of the standard set the path to implementing good information security across the business and provide a platform to raise the profile of security.

Full certification of the standard, which includes an audit every three years and surveillance audits every six months, demonstrates an organisation's commitment to the protection of company data and systems, which is particularly important for companies that protect critical information as part of their business or who manage information on behalf of others.

Those who are aligned to the standard see it as having created a more efficient, focused and secure business, but with any investment in new processes within the enterprise there needs to be a clear business case to achieve that crucial buy-in from executives.

Information and governance professionals within large enterprises are concerned not just about sign-off for investment but also how the standard will dovetail into other processes and methodologies and how to ensure that suppliers are towing the line if they are managing critical company data.