What is ISO 27001?

The abbreviation 'ISO' stands for the International Organization for Standardization, an independent, non-governmental international organization with 161 national standardization bodies as members. The organization facilitates knowledge sharing between experts and promotes the development of market-relevant international standards that support innovation and provide solutions to global challenges.

The number '27001' refers to ISO/IEC 27001, the standard that specifies the requirements for how an information security management system (ISMS) must be established, implemented, maintained and continually improved in an organization. ISO27001 takes a risk-based approach to managing information security: the organization identifies and assesses its risks, and the controls and procedures in the management system are chosen to treat those risks.

"The management system for information security preserves confidentiality, integrity and availability of information using a risk management process and ensures that stakeholders trust that risks are handled in a proper way" 

Why choose ISO 27001?

Every company installs fire and burglar alarms to protect against major operational threats, and data and information security deserves at least the same weight. Corporate customers are exposed to considerable risk if a supplier's information security is not in order, and a number of regulations now impose heavy fines and sanctions if data is not protected correctly.

With an ISO27001 certification, the company gains a structured management system that keeps quality, security and efficiency at a high level.

At the same time, an ISO27001 certificate helps promote international trade, and up to 85% of corporate customers see certification as confidence-building.

Benefits of introducing ISO27001

  • Reduction of IT outages by up to 35%
  • Fulfilment of requirements in international tenders
  • Improved supplier management
  • Better protection against industrial espionage
  • Fewer data leaks caused by human or procedural error
  • Greater internal understanding of information security
  • Streamlining and automation of information processes
  • Higher trust from corporate customers
  • Increased competitiveness and quality
  • Reduction of costs
  • Complete overview of risks and security, giving better prioritisation

Who should get ISO27001-certified?

The ISO27001 standard is recommended by the Danish Financial Supervisory Authority as "Best Practice" for financial companies. The Danish state has chosen ISO27001 as the security standard for all state institutions, and the standard has been mandatory for them since January 2014.

Companies that supply the financial sector or the public sector, as well as industries that handle large amounts of sensitive data, should adopt the ISO27001 standard.

The ISO27001 certification process: a step-by-step guide

1

The ISO27001 standard and baseline review

The first step is to acquire knowledge of the ISO27001 standard. This can include reading the standard itself, attending training courses or seeking advice from an expert.

Next, carry out a baseline review to identify the gaps between your current information security management and the ISO27001 requirements.

2

Risk assessment and treatment

Identify the information security risks your organization faces. For each risk, assess the likelihood that it will occur and its potential impact.

After the assessment, decide how each risk is to be treated: accepted, avoided, transferred, or mitigated through controls. Record the decision and its justification, since the auditor will expect the chosen controls to be traceable to the risks they treat.

3

Develop and implement an ISMS

The ISMS is a system of policies, procedures and controls that helps manage and reduce information security risks.

Make sure that all relevant parts of your organization are involved in and committed to the ISMS.

4

Conduct internal audits

Once the ISMS is in place, carry out internal audits to confirm that it is operating effectively and complies with the requirements of the ISO27001 standard.

5

Management review

Your organization's management must review the ISMS at regular intervals to ensure that it remains suitable, effective and capable of managing information security risks.

6

Certification audit and maintenance

After completing the internal audits and the management review, you can apply for a certification audit from, for example, LAM. If you pass the audit, you are granted ISO27001 certification. The certificate is then maintained through periodic surveillance audits and a recertification audit at the end of each certification cycle, so the ISMS must continue to operate, not just exist on paper.

Each of these steps is essential for successful ISO27001 certification. It can be a demanding process, but the resulting improvements in information security and the trust gained from customers and partners are well worth it.