INFORMATION SECURITY: Principle 1

ISO 27001 Information Security Principles

Principle 1: Analyse the Protection of Information and then Apply Controls

Analyzing how information is protected is the first step in securing it. The information you gather can come from a variety of sources, including, but not limited to:

  • individuals
  • teams
  • customers or
  • contractors.

The value of information can’t be overstated. You wouldn’t let your factory just take care of itself. Maintenance and protection are your responsibilities. Insurance is your responsibility. The equipment must be locked away when not in use. Because it is so important, you actively take care of it. Information should not be any different. Investing in it makes sense.

The method of storing information may include digital (data stored via an electronic source), material (paper-based documents, whiteboards, pin-boards), and knowledge-based (in the minds of your staff, customers, and even contractors).

Information can also be transferred in a variety of ways: by digital means (email, Dropbox, messenger, social media channels), by physical means (postal services, couriers, or direct delivery to team members/customers), and by verbal means (during meetings with employees or casually mentioned in the office).

Once you have listed all the relevant details of your information, you can conduct a risk assessment, which involves identifying the underlying risks associated with each piece of information. Analysing these risks gives you a deeper understanding of the potential harm caused by a data compromise. Once you understand a risk, you evaluate it against your risk criteria to determine whether it is acceptable to your business. Realising the gaps and weaknesses in your current system can be quite confronting at this point.

Implementing controls to ensure your information is protected is the next step. Here are some suggestions:

  • Manage data on a fully redundant hardware platform with no single point of failure.
  • Use hot-swappable hard disks (technicians can replace a faulty drive while the storage system is still working, without losing any data).
  • Make sure your building is monitored 24 hours a day.

Monitoring, maintaining, and improving controls are also essential. Technology and information needs change over time, so maintaining controls is a must. If accurate, complete information is made available in a timely manner to those with an authorised need, then your organization will run most efficiently.

Use SHEQ software

To design and implement a Quality Management System, SRM and many of our clients use Mango Compliance Software (www.mangolive.com). Mango makes it easier to obtain and maintain ISO 9001:2015 certification.

SRM is ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018 certified. Contact our consultants today. Let us know if we can help you with the development and implementation of your Quality Management System.