The International Organization for Standardization, or ISO, has published more than 18,000 international standards in order to promote quality control and continuous improvement. Businesses seeking certification against an ISO standard do so to bring their operations into line with the standard's requirements. ISO 27001 (formally ISO/IEC 27001, published jointly with the International Electrotechnical Commission), introduced in 2005, sets out requirements for an information security management system (ISMS) that places information security under documented, auditable management oversight.
Aligning Business and Technology Objectives
ISO 27001, often cited by its edition as ISO 27001:2005 (the standard has since been revised, in 2013 and again in 2022), applies specifically to the management of information security. Because this standard requires business management and technical staff to cooperate to meet defined management and information-control objectives, it can dramatically improve alignment between these sometimes disjointed groups. ISO recommends this cooperation to foster continuous and sustainable improvement. The standard applies to organizations of all sizes and types; note that certification itself is issued by accredited third-party certification bodies, not by ISO.
ISO freely acknowledges that with every technological advance, new security concerns arise. ISO 27001 helps organizations stay current by establishing a consistent cycle of evaluation, implementation, monitoring, review and maintenance for security controls and processes. Applying a standard process to the selection and upkeep of existing and new security controls, one that involves both management and information technology (IT) personnel, helps prevent problems before they occur. It also addresses legal and regulatory compliance: the standard requires periodic internal audits and management reviews, and certification is maintained through external audits by the certification body.
ISO 27001 also provides opportunities for benchmarking, helping companies implement recognized practices and reach stretch goals. Detailed comparisons with others in the same industry can lead to substantial improvements. The standard likewise encourages everyone in the organization, from management to technical staff, to get on the same page regarding goals and objectives, improving communication and ultimately results.