Translation dated 2019/12/02 16:48:30

ISO/IEC 27001


ISO/IEC 27701

On November 28, 2019 it became known that BSI, the business improvement company, had launched a global certification scheme for compliance with ISO/IEC 27701, intended to help organizations establish, implement and maintain a privacy information management system.

The first organizations certified by BSI against this standard were: Accenture plc, Alibaba Cloud Computing Ltd., Alibaba.com Singapore E-Commerce Private Limited, Beijing Microlive Vision Technology Co., Ltd, Blackhawk Network Inc., Huawei Software Technologies Co., Ltd (Huawei Mobile Services (HMS), Huawei Cloud), Lotte Duty Free, PwC Mauritius, and Ribose Group Inc.

Organizations face a double task: to collect and process a growing volume of data while remaining compliant with a constantly expanding list of privacy rules and with legislation being drafted around the world. The certification scheme is based on ISO/IEC 27701:2019 (Security techniques: extension to ISO/IEC 27001 for privacy information management). The standard, published in August, gives organizations guidance on the operational controls needed to comply with privacy requirements such as the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and Brazil's General Data Protection Law (LGPD). It is an extension of the ISO/IEC 27001 information security management system.

To be certified against the standard, an organization must pass an independent assessment that includes a thorough on-site audit covering all requirements of ISO/IEC 27701. An organization conforming to the standard must hold documented evidence of how it processes personally identifiable information (PII). Such evidence can also simplify reaching agreements between business partners wherever processing of personal data is involved. One of the criteria for certification is holding a certificate of conformity to ISO/IEC 27001 and operating an ISO/IEC 27001 information security management system.

«
To maintain sustainable development, organizations must protect the personal data they access, collect, store, process and use. This becomes an ever harder task, given the growing amount of data that organizations have to manage and the constantly evolving requirements of privacy legislation around the world. Certification against this standard helps to build trust and transparency in relations between partners. With the certificate, an organization can demonstrate a conscientious and proactive approach to data protection. We are pleased to recognise the organizations certified under our global program as the first adopters of this standard, which is a great achievement,
commented Ahmad Alkhatib, director of business development for independent assessment in[1]
»

ISO/IEC 27001:2013

ISO/IEC 27001:2013 describes best international practice in information security management and sets requirements for an information security management system.

ISO/IEC 27001:2005

The international standard ISO/IEC 27001:2005 "Information technology. Security techniques. Information security management systems. Requirements" was developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It sets requirements for developing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system within the context of the organization's existing business processes.

ISO 27001

ISO 27001 generalizes international experience in information security management and describes a methodology for building end-to-end information security management systems. The standard defines requirements for data classification, access control, employee responsibilities, personnel security and other aspects of information security. A management system built in accordance with the standard lets an enterprise plan, control and manage its data protection processes effectively.

ISO 27001 is the international standard against which official certification of information security management systems is carried out. ISO/IEC 27001:2005 presents a model of a management system in the field of information security and defines requirements for developing, maintaining and improving a documented information security management system.

According to an Analysys Mason report, about 33% of cloud service providers adhere to ISO 27001. The standard was adopted in 2005 and formulates requirements for an information security management system (ISMS). Its purpose is to set rules for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS, which is a set of policies and procedures, including all physical, technical and legal controls, involved in managing the risks connected with the use of information in organizations.

Companies certified in Russia

In September 2014 Step Logic met the requirements of the British Standards Institution (BSI) for admission to its Associate Consultant Programme (ACP), confirming the high qualification and extensive experience of its specialists in developing and deploying information security management systems.

In summer 2014 BDO Unicon Outsourcing underwent an audit for compliance with the new international information security standard ISO 27001:2013 and received the corresponding certificate. It became the first organization in Russia to apply for a certification audit against the new version of the standard, and one of the first to receive the certificate.

BDO Unicon Outsourcing staff received ISO 27001 training at the Russian branch of the British Standards Institution (BSI) and brought the company's information security management system into line with the latest requirements of the standard.


On February 9, 2011 LANIT announced that its information security management system (ISMS) had successfully passed a recertification audit for compliance with the international standard ISO/IEC 27001:2005. Such an audit is held once every 3 years. LANIT was first certified by BSI in 2007. Extension of the certificate for the next 3 years guarantees that the information of partners and clients that falls within the scope of LANIT's ISMS is reliably protected.

The audit of LANIT's information security management system was conducted by BSI Management Systems, a recognized leader in certification services and the author of the British standards that were later adopted by ISO.
