Information Security Management System ISO 27001:2013

The news that Cambridge Analytica Ltd. had harvested the personal information of tens of millions of Facebook users raised many eyebrows. Although Cambridge Analytica gained national attention, others have used similar tools to gather personal information for marketing and other purposes.

Companies that legitimately go to great lengths to safeguard customer information often have no recognized way to demonstrate those efforts to the customers whose data they hold.

One of the easiest ways to assure customers that their data is safe is certification to ISO 27001:2013. Although this standard was published earlier than ISO 9001:2015, it was already written to the common high-level structure (Annex SL) that ISO 9001:2015 later adopted, and it has since received minor technical corrigenda (2014 and 2015); companies can therefore run an integrated management system if they so desire. In short, the way to assure customers is to have an Information Security Management System (ISMS) in place.

Information Security Management System (ISMS)

ISO 27001 is rapidly becoming the most popular information security standard in the world. Thousands of organizations have already adopted this important standard, and many more are in the process of doing so.

ISO 27001 applies to all types of organizations, regardless of their size or what they do. It can help both product- and service-oriented organizations achieve a level of information security that is recognized and respected throughout the world. ISO 27001 states the certifiable requirements for the management system; ISO 27002 gives implementation guidance for the controls. Together they form a comprehensive Information Security Management System (ISMS).

Controls detailed in ISO 27002:2013

ISO 27002 and ISO 27001 go hand in hand. ISO 27001 specifies the management system; ISO 27002 gives guidance on the controls that the ISMS selects and operates. ISO 27002:2013 groups its guidance into 14 control domains (clauses 5 to 18), covering 35 control objectives and 114 controls. Applying the controls that the organization's risk assessment calls for is what makes an information system demonstrably secure; the standard itself does not secure anything on its own.

Improved Consistency and Control over Processes

By documenting the processes of an organization, the result is improved control over operations. Registered companies deliver more consistent products and services to their customers. The result is reduced waste and decreased costs.

Meeting Customer Requirements

Many industries and customers require registration to ISO 27001 before a company can become an approved supplier. Many automotive manufacturers require that suppliers handling their data be certified to this standard. German automobile manufacturers in particular expect their suppliers to meet the VDA information security requirements, assessed under the VDA ISA catalogue through TISAX. The VDA requirements are an adaptation of ISO 27001 and ISO 27002 together with a few additional automotive requirements, such as prototype protection.

Marketing Potential

Some customers, even in industries where ISO 27001 is not the norm, perceive ISO 27001 registered suppliers as more advantageous. Prospective customers may view your organization as more proactive, disciplined and trustworthy, and as able to provide higher levels of security.

Reduced Learning Curve for New Employees

Because an ISO 27001 registered organization has its processes documented, new employees face a shorter learning curve and a smaller margin of error. Documented processes are a valuable reference for new and inexperienced staff.

System for Continuous Improvement

An Information Security Management System (ISMS) developed by implementing ISO 27001 and ISO 27002 becomes a tool for identifying and acting on improvement opportunities that affect the efficiency and bottom line of your organization. The ISMS is a vehicle for constantly improving customer service.

AEC Difference:

Audit Expertise Comptable LLC (AEC) is a reputed premier consulting, training and auditing firm that has been helping organizations achieve certification to standards and improve their operations since 1992. With this experience, AEC has helped over 670 firms achieve certification, most of them certified the first time around without a major nonconformity. AEC can help the organization build a data-driven, evidence-based, simplified, single-level documentation system without adding heaps of documents to the organization's existing system. AEC will adapt the firm's existing documentation to make it suitable for the standard's and the organization's requirements. AEC's disciplined 10-step path is designed to be robust against failure. Visit our website or e-mail us for immediate assistance:
