Our digital footprint continues to expand exponentially as organizations now store more information about individuals and record our interactions. Managing how that information is stored, shared, accessed and controlled is complex, complicated to manage and prone to risk.
Risk isn’t restricted to the digital domain either as breaches can occur in unexpected ways such as photographs of highly sensitive information being captured by the press and publicized, to devices with private data becoming lost or stolen.
Organizations today need to be equipped to manage the security of their information or risk exposing themselves to culpability, criminality and liability.
ISO/IEC 27001:2013 is the current international standard that sets out the requirements to establish, implement and continually improve an information security management system.
A management system based on this standard will take into account the needs and objectives of the organization, the security requirements, the business processes, the size and structure of the organization and it can adapt to changes in these areas over time.
An effective management system will also enhance stakeholder confidence when looking at a business’s ability to adequately protect its information assets.
Our courses follow a structure to help you familiarize yourself with the standard in the Requirements course to learning how to implement an ISMS in an organization. To check your ISMS conforms with the standard, we can teach you how to audit or lead a team to conduct the auditing of it. We also have courses for individuals and lead auditors handling the transition from the previous version of the standard, ISO/IEC 27001:2005 to the current version, ISO/IEC 27001:2013.