ISO 27002 (formerly 1799) and ISO 27001- Information Security Management
On the basis of the need to protect information was designed the comprehensive system requirements for the ensuring of information security in companies. The information security is here understood as ensuring of confidentiality, integrity and availability of information.
The system intervenes also in the area of the organizational safety, personnel qualification, operation and maintenance. The security system is engaged not only in fulfillment of legislative requirements, observation of the safety rules and agreements, but especially in identification and finding of risks and in prevention. The systematic risks analyses are basis for solution, which identify possible threats and are the starting point for minimization of risks.
ISO 27002 (formerly 17799) - international standard specifies the basic instructions and recommendation for provision of information security. It provides instructions and procedures for the implementation of basic security measures for information protection of organization.
ISO 27001 - is standard stipulating requirements for information security management. According to this standard are carried out screening system and contingent certification by independent organization. The requirements are often incorporated into integrated management system (quality, environment, labour protection, ...) as separate part of integrated handbook or manuals or other documentation such as technical (methodology and risk assessment activities, assuring of diversifications and financial implications in cause of its failure, code of conduct, ...).
Risk of obtaining classified information by competition
Competition can use e.g. the database of your partners, classified production documentation (plans, models, specific procedures, ...), the intended strategic concepts, ..., but also information about your key financial indicators.
Risk of data loss
Data loss can mean exposure of organization run, high cost for data recovery, risk the performance terms of orders, but also sanctions from the state e.g. the lack of protection of personal data of employees.
And many other…
If you are interested, please contact us: firstname.lastname@example.org.
You can contact us even on our helpdesk:
+420 572 555 337-8