When it comes to keeping information assets secure, ISO 27001:2013 is relied on by many organisations, particularly those providing products and services to the Australian Defence Forces. It is widely known for providing requirements for an information security management system (ISMS) enabling organisations of any kind to manage the security of their assets such as financial information, intellectual property, employee details or information entrusted by third parties.
The standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
Like other ISO management system standards, certification to ISO 27001 allows organisations to benefit from the best practice it contains and reassurance to customers and clients that they are a safe partner to work with.