AS/NZS ISO 27001 Information Security

ISO 27001 has been available for a number of years, initially as AS/NZS 4444 and then subsequently as AS/NZS 7799. In 2005 it was released as an internationally recognised standard. In Australia, it was adopted as an Australian Standard AS/NZS ISO 27001:2006.

ISO 27001 is a practical, internationally recognised benchmark that relies on assessing and managing risk to manage information and asset security. The system, as with all systems should be implemented to reflect the needs of your organisation and consider the current processes, size and structure.

The identification and rating of threats and vulnerabilities (including logistics, servers, network management and third parties such as contractors, internet service providers and HR), are a key underlying requirement of the standard.

The ISO 27001 standard is aligned with ISO 9001:2000 and ISO 14001:2004, supporting easy integration with existing management systems.

What type of organisation should consider implementing ISO 27001?

ISO 27001 is suited to any organisation that manages assets - data, people, software and intellectual property. This includes government departments (or their critical suppliers such as mailing houses, or data warehouses), energy providers and utilities, banks, insurance companies and corporates across all sectors of the economy.

Do you really need an Information Security Management System (ISMS)?

If TRUST, REPUTATION and BRAND are an integral part of your business then it is essential to consider the management of the information with which you are entrusted. Increasingly you must take responsibility for your processes, even when these are outsourced.

For more information, and to find out how we can help, please email us on info@ncsi.com.au, or call on 1300 856 554.