ISO27001 - Isn’t that just cyber security?
It’s probably the most common question I get asked by customers, and it’s often the one I’m least prepared for. Not that I am unprepared, but I then need to explain to customers how information is important to their business, and no two businesses are the same! In short, no: ISO27001 is about much more than just cyber security. It’s about “information security” and the management of it using a system.
So I explain, in language they understand, the advantages of having an information security management system (ISMS).
Information is an important part of any business. Take a building company, for example. They have customers, builders, plans, accounts, HR and other types of information. Often, it’s a mixture of physical (printed) information, knowledge and computer-stored information. So, then I ask the detailed questions (below) in order to understand all their information assets.
Remember that ISO27001 is about protecting the confidentiality, integrity and availability of your information security assets. So often, it’s not “just about computer security”.