What is ISO 27001?

ISO 27001 is the international standard for information security management, which makes it the most relevant quality assessment for the hosting industry, where a provider holds its customers' data and systems in its care.

Posted on 30 August 2016 - Hosting
By Tibus

It provides a specification for an information security management system (ISMS), which is a systematic approach to managing and securing sensitive information.

This usually comprises a framework of policies and procedures governing how that information is managed. It covers all aspects of the business's risk management processes, including legal, technical and physical factors; people, processes and IT systems all fall within the scope of the system.

The documentation for the standard states that it will "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system”.

ISO 27001 contains 12 main sections that an applicant needs to address. (This list follows the 2005 edition of the standard; the 2013 revision, current at the time of writing, reorganised the Annex A controls into 14 domains, but the ground covered is the same.) They are:

  1. Risk assessment
  2. Security policy
  3. Organisation of information security
  4. Asset management
  5. Human resources security
  6. Physical and environmental security
  7. Communications and operations management
  8. Access control
  9. Information systems acquisition, development and maintenance
  10. Information security incident management
  11. Business continuity management
  12. Compliance

Why is ISO 27001 important?

As noted above, ISO 27001 is the quality assessment standard that most closely fits web hosting, so it is also the closest thing to a quality guarantee available when choosing a new web host.

If your hosting company has achieved ISO 27001 certification, you know that the way it handles, stores and secures your sensitive data has been audited by an independent certification body. Certification applies only to the scope stated on the certificate, so check that the services you are buying actually fall within it.

How does a company prepare itself for ISO 27001 certification?

The ISO 27001 documentation details a six-part planning process for companies seeking certification. The steps are:

  • Define a security policy.
  • Define the scope of the ISMS.
  • Conduct a risk assessment.
  • Manage identified risks.
  • Select control objectives and controls to be implemented.
  • Prepare a statement of applicability.

What if my ISO 27001-certified web host is resting on its laurels?

ISO 27001 is built for a constantly changing technological landscape: continual improvement of the information security management system is one of the aspects of the standard that must be documented within the organisation's policies and procedures.

The documentation acknowledges that an organisation's needs and objectives, security requirements, processes, size and structure are expected to change over time. The standard therefore also requires management responsibility, internal audits, continual improvement, and corrective and preventive action, and the certification body checks these at periodic surveillance audits, so an ISMS that stands still will not keep its certificate.

Tibus is ISO 27001 certified

Read about the scope of our ISO 27001 certification.