ISO/IEC 27001:2013 - Information security management

ISO/IEC 27001:2013 (ISO 27001) is the international standard that describes best practice for an information security management system (ISMS). Accredited certification to ISO 27001 demonstrates that an organisation is following international information security best practices.

ISO/IEC 27001:2013 (formerly ISO27001:2005) will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.

It can help small, medium and large businesses in any sector keep information assets secure.

What Are the Benefits of ISO 27001 Certification?

  • Demonstrates the independent assurance of your internal controls and meets corporate governance and business continuity requirements.
  • Provides a competitive edge by meeting contractual requirements and demonstrating to your customers that the security of their information is paramount.
  • Proves your senior management’s commitment to the security of its information.
  • The regular assessment process helps you to continually monitor your performance and improve.

Which information security controls can Osirium assist with?

We mapped Osirium to a Statement of Applicability (SoA) for ISO27001:2013 in relation to privileged users and identified that we could address the following controls:

  • 9.1 Business Requirements of Access Control
  • 9.2 User Access Management
  • 9.3 User Responsibility
  • 9.4 System and Application Access Control
  • 10.1 Cryptographic controls
  • 11.2 Equipment
  • 12.1 Operational procedures and responsibilities
  • 12.2 Protection from Malware
  • 12.3 Backup
  • 12.4 Logging and Monitoring
  • 13.1 Network Security Management
  • 13.2 Information Transfer
  • 14.1 Security requirements of information systems
  • 14.2 Security in development and support processes
  • 15.1 Information Security in Supplier Relationships
  • 15.2 Supplier service delivery management
  • 16.1 Management of IS incidents and improvements

Osirium Statement of Applicability to ISO27001

Please contact us directly for a breakdown of how we addressed all these aspects in the SoA.
