ISO/IEC 27001 is the most well-known standard in the ISO/IEC 27000 family of standards for an information security management system, which helps organisations keep information assets/data secure. It certifies that the company has a systematic approach to managing sensitive information, ensuring the security of the data it holds. An organisation can become certified by an accredited certification body.
There are 10 key elements that are important to consider when preparing to become certified.
Certification is mostly concerned with data security - by being ISO/IEC 27001 certified you can ensure the security of the information you use.
The upcoming GDPR has strict articles dedicated to the prevention and treatment of data breaches. By ensuring your compliance with ISO/IEC 27001 you can meet several of the requirements laid out by the GDPR such as pseudonymising and encrypting personal data and implementing processes of continual improvement of your data security measures.
Although certification won’t mean you cover all the requirements of GDPR, it does cover the data breach requirements well – helping you to be ready for May 2018.