ISO 27001 – The IT standard that’s not just for IT

Q: When is an industry standard not just a standard for that industry?

A: When it’s an ISO standard!

A simple error too often made about ISO Standards is that they pertain only to the industry to which they are aligned: the Energy standard must be relevant only to the Utility sector, or the Environmental standard only to ‘green-facing’ or waste-producing industries. Not so.

ISO Standards, whilst relevant to specific sectors, are not sector-specific, and none more so than ISO 27001, the Information Security Standard.

If you think the IS standard applies only to the IT industry, think again!


What is ISO 27001?

ISO 27001 is the international standard for Information Security which specifies the requirements for an ISMS – Information Security Management System. The standard’s risk-based approach allows organisations to optimise their IS practice by addressing people, processes, and technology.


Isn’t it an IT standard for IT companies?

Yes and no. While thousands of IT organisations worldwide work to the standard’s strict requirements, many more outside of the industry have adopted ISO 27001 because they not only see it as good for business but fundamental to the safeguarding of data – internal, shared, and client. Global Pharma, Government bodies, and Professional Services organisations rely heavily on the IS standard to help them achieve and maintain regulatory compliance, client and commercial confidentiality, and effective IT governance.


ISO 27001 – Confidentiality is key

Central to the aim of ISO 27001 is the protection of information.

Fundamentally, the standard is about protecting data, and while technology can do a lot, it can only do so much. If personnel lack awareness of, or adequate training in, IS technologies, tools, or protocols, then they are already a weak link in the chain of security.

Furthermore, many hacks or attacks are initiated from the inside, so if the procedures and processes aren’t there to risk-manage or change employee behaviour, then all the technology in the world will prove useless.

Ultimately, any business storing or holding sensitive data – commercial or client – will benefit from implementing an ISO 27001 management system.


Which industries are adopting ISO 27001?

Financial Services

Banks, Credit Unions, Insurance companies, Mortgage Brokers, and other Financial Institutions typically implement an ISO 27001 ISMS to achieve legislative and regulatory compliance. In particular, the EU GDPR has made it obligatory for companies to achieve optimal data access, protection, and storage.

Data Protection is integral to the operational function of the FS sector, given the strict national and international legislation to which it must adhere. That legislation, it must be said, replicates many of the requirements of ISO 27001.

The perfect methodological complement to the typical risk-based approach of the FS sector, and central to achieving compliance, ISO 27001 has also proved beneficial to financial institutions from a monetary perspective. When one weighs the cost of implementing the ISMS against the fines levied by the ODP or the legal costs incurred because of a data breach, the difference is significant.

Financial institutions trade on reputation and trust; applying the principles of ISO 27001 is one of the most reliable ways in which the FS sector can maintain both.


Government Agencies & Public Bodies

All public sector bodies handle extremely sensitive and highly confidential information. Auditor General, Defence, Justice, Finance, CSO, and Social Protection are but a few of the departments with an obligation to protect the integrity and security of the data processed and stored in their IT infrastructure.

Furthermore, under the terms of GDPR, all agencies handling and storing confidential personal information must ensure the immediate availability of such data on request.

Designed to meet these requirements, ISO 27001 is the ideal solution to support efficacious data storage, management, and security. In addition, with its global recognition as the go-to benchmark for IS, the standard acts as a robust framework for governments at all levels: local, national, EU, and international.


Tech Companies

From solutions providers to hosting companies, software resellers, managed services companies, and enterprise consultancies, in 2022 there are very few tech companies in Ireland that have not implemented ISO 27001.

First up, it is now nearly impossible to qualify to bid for an OGP or Public tender without being ISO certified.

Secondly, being certified to ISO 27001 is a public display to clients – existing and new – of commitment to keeping their data safe and secure.

Many IT companies – especially those involved with hosting or managing data centres – certify to the standard to meet contractual obligations or the terms of agreed SLAs with larger corporate clients. In many cases, those in the tech or fintech sector use ISO 27001 to optimise operations, inform and educate employees, and streamline data-related processes across all departments.


Telecoms & Utilities

Telecoms and Utility companies (including Broadband/Media companies) hold vast amounts of data that must be protected, securely stored and archived, and kept readily accessible. Data management is central to mitigating service outages, and ISO 27001 provides them with the best framework with which to meet all of these obligations.

These industries are also subject to strict laws and regulations, so ISO 27001 can help keep them on the right side of compliance.

Any Other Business

That processes or stores sensitive data! To be honest, the list is endless: hospitals, health executives, NDLS, toll operators, hospitality.

Basically, any company that holds confidential, commercially sensitive, or personally sensitive information can benefit from adopting ISO 27001. Rather than viewing ISO 27001 as something for the IT department alone to be concerned with, you should view it as an operational tool with which your business can achieve real benefits, including peace of mind.

To learn more about the benefits of ISO 27001 read our brief on ISO 27001 Services & Certification.


For more information on ISO certification, or on how ISO 27001 can protect your business, contact Caroline at hello@cgbc.ie or give her a call on 01 – 620 4121.