Information Security Standard
ISO 27001
ISO 27001 information security standard
ISO 27001 is an international standard for information security management. It was originally published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and revised again this year, in 2022. The standard specifies the requirements for an Information Security Management System (ISMS), which aims to help organizations make the information assets they hold, and those exposed to them, safer and better protected.
Organizations that meet the requirements of the standard can choose to be certified by an accredited certification body after successfully completing an audit.
In the 2022 edition of ISO 27001 there are 93 controls in 4 groups, numbered after the Annex A clauses in which they appear:
5: Organizational controls
6: Employee management (people) controls
7: Physical controls
8: Technological controls
From 30.04.2024 onward, new certifications are issued only against the new (2022) edition of the standard; certificates issued against the old (2013) edition remain valid until 31.10.2025.
How It Works?
The steps of the process
1. Information gathering
Meetings with people and familiarization with processes and technologies: the organizational structure, the company's business processes, its work procedures, and the information systems it uses.
2. Information analysis
Analysis of the company's current state against the requirements of each section of the standard. The gaps are presented in a summary report with recommendations and a prioritization for treatment.
3. Correction and update
Treatment of the gaps by a professional team with specializations in the relevant fields, such as content experts who write information security procedures and professional testers who perform penetration tests.
4. External audit
An external audit is performed by one of the accredited certification bodies. The auditor goes through the Statement of Applicability (SoA) and its supporting evidence and, at the end, issues a certificate of compliance with the standard.
