ISO/IEC 27001 – Information security management systems

One of the key resources in modern business is information. Financial data, data on how the organization works, contacts, employee data, product and technology data, contracts, records, etc. they are only part of the sea of ​​information available to a modern organization.

This international standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS (Information Security Management System) within the context of overall business risks in the organization. It specifies the requirements for the implementation of security management adapted to the needs of individual organizations or their parts.

Adopting an ISMS is a strategic decision for a company. The design and implementation of an ISMS is influenced by needs and goals, security requirements, the processes used, and the size and structure of the organization. The standard can be used to assess compliance by internal and external parties.

A successfully designed and implemented information security management system, which includes people, processes and the IT system, provides security and assurance to users and business partners that information security is on the list of business priorities, as well as that it is handled professionally and responsibly. The standard treats information as an asset and provides basic guidelines for its preservation, safe management and use.

Application  ISO/IEC 27001 it is especially intended for organizations that have internal and/or external information systems in their operations, confidential data, the functioning of which business processes depend on the information system, and other organizations that want to adapt to the needs of today’s information security.
It can also serve as a basis for the introduction of ISO 27701 (protection of privacy and personal data), as well as other standards in this area.

TMS has an internationally recognized ISO 27001 accreditation