ISO 27000 Information Security Management System
ISO/IEC 27001:2013 Information Technology – Security Techniques – Information Security Management Systems – Requirements.
The frequent hacking of company data is the new business reality and risk. Loss of company information can have catastrophic financial and regulatory results for companies so information security is now an urgent commercial priority. To meet this threat the European Union and South Africa have introduced legislation that companies will need to comply with to protect any private data that they retain.
The EU General Data Protection Regulation – the GDPR – became effective during 2018 and will apply to your company if it:
• has a legal entity, representative or web site established in the EU.
• offers goods and services to people in the EU in Euros or an EU language.
• monitors the behaviour of people in the EU.
• processes data for a company in the EU.
• has a data processor in the EU.
This includes financial services, hospital groups, call and data processing centres, international retail groups and many more. Failure to comply with the GDPR means loss of business and eye-watering fines related to annual turnover.
The RSA Protection of Personal Information Act – POPIA – is expected to be fully effective by 2020 and will apply to your company if it:
• keeps any type of records relating to the personal information of anyone.
This includes just about every company in RSA. Failure to comply with POPIA means criminal charges – yes, the CEO can go to jail.
ISO 27001 is the management standard that allows companies to demonstrate compliance with this legislation. Global certifications to this standard rose 19% in 2017 to 39 501 and are expected to rise above 50 000 by the end of 2018.
Quality Track is proud to have been involved with the implementation of ISMS and subsequent ISO 27001 certification of a number of prominent South African companies.
The benefits of the ISMS approach:
• Preservation of the confidentiality, integrity and availability of information.
• Protection of corporate knowledge and your customers’ information from a variety of threats.
• Enhanced business continuity and minimisation of incident damage.
• Contractual compliance.
• Business retention.
• Demonstration of national and European legal compliance.
We can provide any kind of organisation, manufacturing or service, private or public, large or small, with a custom-made ISMS. We will train employees to participate in the system and guide them through implementation to certification.