What is ISO?
ISO is an international organisation made up of 167 national standards bodies, with delegates from over 166 countries. It is an independent, apolitical, non-governmental organisation that, drawing on the expertise and experience of its members, has created a series of International Standards that “support innovation and provide solutions to global challenges.”
The organisation, based in Switzerland, exists to enforce a series of internationally recognised and adhered-to requirements that qualify a business or product for certification to a specific ISO standard.
An ISO standard is a rigorous set of safety requirements to which organisations must adhere, and continue to improve upon, in order to get ISO certification.
Who issues the ISO certifications?
The International Organisation for Standardisation (ISO) does not grant certification for any of its standards. Independent, accredited auditors carry out this function. Companies are audited against the ISO standard that applies to their business and, based on the results, are either certified or not.
What is ISO 27001?
ISO 27001 is the International Standard that specifies requirements for implementing an Information Security Management System (ISMS). It is the only global standard that guides businesses in meeting the requirements of an ISMS.
An Information Security Management System provides a systematic and proactive approach to effectively managing risks to the security of your company’s confidential information, and ensuring confidentiality, integrity and availability (CIA) within the organisation.
- ISO 27001 provides any business with a framework with which to comply so that it can safeguard data and private information from malicious threats
- ISO 27001 is an international standard that provides a business with a list of requirements and guidelines on how to build, maintain and regularly update its Information Security Management System
What is the purpose of ISO 27001? Why is it necessary?
As information systems and data storage have become more advanced, so too have the threats they face. These systems need to be safeguarded against malicious intent and data breaches. To this end, ISO created a set of stringent measures, ISO 27001, that give guidance on the planning, construction, ongoing maintenance and improvement of any ISMS so as to protect the private data kept by companies.
As more and more territories create laws to safeguard private data, such as the Protection of Personal Information Act (POPI) in South Africa, the Health Insurance Portability and Accountability Act (HIPAA) in the United States and the General Data Protection Regulation (GDPR) in the European Union, organisations require a universal set of standards that can be applied globally, and that is ISO 27001.
What areas of information security does ISO 27001 cover?
- Information security policies
- Organisation of information security
- Human resource security
- Asset management
- Access control
- Physical and environmental security
- Operations security
- System acquisition, development and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
What are the benefits of ISO 27001?
- Organisations are given all the necessary guidance on how to plan, build, maintain and improve their ISMS by creating and implementing a series of policies, procedures, processes and systems that protect information from potential security breaches and cyberattacks
- Organisations that are certified have higher levels of protection against data security threats and breaches
- ISO 27001 is in line with business, legal, contractual, and regulatory compliance requirements
- It improves transparency within the organisation
- ISO 27001 also has significant cost implications. A cyber attack can prove costly to an organisation, not only in monetary terms but also in reputational and relational costs
- Organisations are required to define their systems and processes, which reduces the cost of lost productivity and inefficiency
- It builds trust with clients
- It builds brand reputation and shows that your organisation takes security seriously
- It helps assure clients that their information is in safe hands
Wyzetalk’s ISO 27001 Certification Journey
Wyzetalk has recently become ISO 27001 certified. Our customers can now rest assured knowing that their data is safe and is being kept secure using the most rigorous, internationally recognised specifications.
In order to achieve our ISO 27001 certification, we have invested significant time and resources into our information security management. Wyzetalk’s certification means that our clients and partners can be certain they’re doing business with an organisation that makes security a top priority. But more than that: they are dealing with an organisation that understands the need for checks and balances to be in place to reduce the threat of serious attacks on private data.
The Wyzetalk team has worked tirelessly and painstakingly to ensure that every last detail is adhered to with regards to ISO 27001 compliance, and we are committed to constantly improving and updating our system so as to stay ahead of the game when it comes to cyber security.
The compliance journey involved:
- Developing a project plan
- Defining a scope for our ISMS
- Performing a risk assessment and gap analysis
- Designing and implementing controls
- Documenting all policies and procedures
- Receiving internal auditor training
- Performing an internal audit
- Monitoring and remediating deviations
- A full audit from independent auditors from the certification body
The result is that when working with us, an ISO 27001 compliant organisation, you can be confident that your data is in the safest hands.