The benefits of certification
When an ISO/IEC 27001 system is built, maintained and improved, it creates convincing trust and peace of mind among all parties with which the organization works. After the ISO/IEC 27001 system passes a successful certification procedure, the certificate of compliance has the value of a definite and universal guarantee for the system, provided by a serious, competent and independent body.
The benefits of a working system
Practice and life itself suggest that it is not possible to achieve absolute and permanent security. The most significant benefits of existing information security management systems are that they create a new way of dealing with and thinking about risks, that they keep a constant focus on security aspects, and that they include well-established mechanisms for preventing threats or responding to events and incidents in such a way that they cannot recur.
ISO/IEC 27001 policies and working tools are based on a balanced selection and combination of principles, for example “protection in depth”, “minimization of the field of attack”, “distribution of responsibilities and rights”, “least privileges” and other principles long proven in practice. Determining the set of principles on which the ISO/IEC 27001 system will be established is a matter of appropriate case-by-case choice.
Adherence to the announced principles is the factor that makes the system adequate, useful and practically oriented to the specifics of the business environment in which the organization operates.
Preparation for certification
Preparation for certification consists largely of the organization “inventorying” and verifying the evidence that the standard specifies for compliance with security requirements. Some of the most important items, though not all, are: