ISO 27001 is a set of standards published by the International Organization for Standardization (ISO) for the management and security of information. It is designed to allow a third party to audit the information security of a business. The compliance checklist is used by the third-party auditor to identify problem areas in information security so that the business can improve its policies.
Legislation
The compliance checklist requires the auditor to evaluate all legislation that applies to the business. The auditor must verify that the security controls implemented by the business are documented and meet all required standards.
Property Rights
Controls must be in place to protect intellectual property rights, and those controls must be properly implemented. When software is acquired, the property rights associated with that software must be considered.
Information Protection
The company's organizational records and personal information must be protected. This information must be correct and used with permission.
Security Policy Compliance
Any security policy implemented by the business must be obeyed by its employees. Managers must ensure that their employees comply with the security policies. Information systems must also comply with these policies.
Information Systems
Information systems tools must be protected so that unauthorized personnel cannot misuse them. These tools must be kept separate from other systems, such as operational and development systems.