ISO27001 - Isn’t that just cyber security?

It’s probably the most common question I get asked by customers, and it’s often the one I'm least prepared for. Not that I am unprepared, but I then need to explain to customers how information is important to their business, and no two businesses are the same! In short, no: ISO27001 is about much more than just cyber security. It’s about “information security” and the management of it using a system.

So I explain in language they understand the advantages of having an information security management system (ISMS).

Information is an important part of any business, for example a building company. They have customers, builders, plans, accounts, HR and other types of information. Often, it’s a mixture of physical (printed) information, knowledge held by staff, and information stored on computers. So I then ask the detailed questions (below) in order to understand all their information assets:

  • Who has access, and who needs it?
  • What are you storing, how sensitive is it?
  • Where is information stored, both physically and logically?
  • Why do you store this at all?
  • When can it be accessed?
  • How is information protected?

Remember that ISO27001 is about protecting the confidentiality, integrity and availability of your information assets. Very often, it’s not “just about computer security”.