ISO 27000

ISO 27000 standards – set of policies and procedures for your IT environment

ISO 27000 standards should be part of IT policies. A set of policies and procedures is required when dealing with data. Now, what is considered to be data? Data is an email address of your employee, partner or customer. Data is also a bar code of your product. It can be an airplane ticket number, or any other piece of information you need while doing your business.

The process of obtaining ISO 27000 certificate is clear and straightforward. It leads to full data security and protection. Random data storage should be the past. ISO 27000 standards require the clean desk policy. It will allow you to run your business in the most efficient way. The clean desk policy is easy to achieve as there are clear archiving procedures.  Document Management System (DMS) is a piece of software which can be handy. These are just a couple of aspects regarding ISO 27000 standards.

Manage IT out has a proven experience of the process. We can help your company as well. We are familiar with documents, procedures and policies needed for ISO 27000 certification.

Brief info on ISO 27001 procedures:

  • Define the security policy
  • Define the scope of the Information Security Management System (ISMS)
  • Conduct a risk assessment
  • Manage identified risks
  • Select control objectives and controls to be implemented
  • Prepare a statement of applicability

And on ISO 27002:

  • Risk assessment
  • Security policy
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental security
  • Communications and operations management
  • Access control
  • Information systems acquisition, development and maintenance
  • Information security incident management
  • Business continuity management
  • Compliance

Let us share a little bit more about our experience in the certification process. The following set of IT policy documents is important: Business Continuity and Disaster Recovery policy, IT Acceptable Use policy, IT Backup policy, IT data decommissioning policy, IT policy, IT Security Incident reporting policy, IT Security policy. It will introduce you as a trustworthy partner to your clients. Or it will allow you to begin the certification process!

More about ISO 27000 standards and certification process can be found on ISO 27000 directory. Valuable material and further descriptions are available on ISO site. It is important to point out that ISO does not provide certificates. ISO's  Committee on Conformity Assessment (CASCO) produces set of standards used by certification bodies in the process of issuing certificates.

Manage IT out can assist you in choosing the most appropriate certification authority, help you applying ISO 27000 standards and guide your company through the certification process.


ISO 27000 standards set of policies and controls