ISO 27001: The international standard for information security. Luxury or Necessity?

cmsadmin's picture
ISO 27001 provides the requirements for Information Security Management Systems. Because we live in the Information Era - where information is mainly stored electronically, there is a misconception that ISO 27001 only applies to Information and Communication Technology (ICT) companies only. However, this view is incorrect. The implementation of Information Security Management Systems (and ISO 27001) is not only limited to ICT companies, but also applies to companies & organizations in any sector of industry, such as in manufacturing, education, commerce and services.
There is no doubt that Information is an asset. It may be recorded or printed on paper, may be stored electronically or in a physical file, may be sent by regular or electronic mail, may be presented in film or orally in discussions. Whatever the format of the information, in whatever way it is distributed or stored, ISO 27001 is a risk based approach to safeguard the security of this information. Effective implementation of ISO 27001 and of an Information Security Management System helps organizations to increase security levels and protect information more adequately.
Information security can be characterized as maintaining:
  • Confidentiality - Ensuring that access to information is appropriately authorized.
  • Integrity - Safeguarding the accuracy and completeness of information, as well as its processing methods.
  • Availability - Ensuring that authorized users of information have access to it when they need it.
ISO 27001 contains a number of control objectives / objectives and audit points - to ensure the preservation of Confidentiality, Integrity and Availability.
Why Information Security is Needed?

It is now widely and universally accepted that information is one of the vital assets of organizations and businesses. It is and 'asset'. Consequently, the confidentiality, integrity, and availability of information assets (whether owned by the company itself or those owned by its customers) are crucial to achieving competitiveness, cash flow, profitability, legal compliance, and commercial image. ISO 27001 aims to contribute actively and assist an organization in this task. In particular in the area of legal compliance, ISO 27001 covers an important part of the GDPR with which compliance is mandatory for all companies and organizations.
It is very easy for any professional to realize the disastrous consequences for a business if some important information was lost, or if it was subject to abuse, destruction or corruption. This could (and can) lead to the complete collapse of that business. It is equally easy for any professional to realize the disastrous consequences for a business if the important information lost or abused or corrupted was information owned by customers of that business; not only this could lead to the complete collapse of the business, but also to the complete collapse of its customers! So do companies have the right not to adequately protect their information? This is an important question!
Advantages of ISO 27001 certification

An organization which is certified by an Accredited Certification Body proves that it takes information security very seriously. It demonstrates that the organization addresses, implements and controls the effectiveness of information security. Furthermore the certificate is a proof that an independent third party (CB ) is regularly assessing the effectiveness of the Information Security Management System and finds it effective. The advantages however do not stop there.
The certification also offers the following advantages:

  • The assessment process by professional and expert assessors add significant value to the Information Security Management System.
  • Boosts the confidence and trust of customers, employees, partners and all stakeholders in the awareness that information management of ‘their’ information is more secure.
  • Demonstrates important credibility and trust with very positive impact on reputation.
  • It can lead to significant cost savings. (e.g. reduction of professional indemnity / cyber security / insurance premiums). Also a loss of information can result in replacement costs, non productive time, additional effort and resources, and hence in significant costs and losses.
  • Contribute vitally and demonstrate compliance with the legal and regulatory framework (e.g. GDPR, NIS Directive).
  • Ensures that there is a commitment to information security by everyone and at all levels of the organization.
  • Reduce ‘barriers to entry’ into new customers and markets.
  • Promotion and marketing tool.

ISONIKE Ltd is a European Conformance Assessment Body (CAB) and Certification Body (CB) established in 2013. The board of directors and the executive members of ISONIKE Ltd have been actively involved with assessments and certification activities since 1996.
ISONIKE's Vision is to follow and apply the highest standards of Professionalism and Business Ethics in relation to People, Society and the Environment to progressively become a leading group of companies with a wide range of activities providing the greatest possible benefits to all interested parties
ISONIKE's Mission is to offer its services to customers and stakeholders in a professional and ethical manner, thus making our company the Strategic Partner of choice that will empower clients and stakeholders to achieve their own objectives.
ISONIKE Ltd has been accredited by ESYD (Hellenic Accreditation System) under number 1177 and is therefore an accredited certification body for conducting assessment. This means that it has the official Greek authority to issue accredited (by the ESYD – full member of International Accreditation Forum) certificates of conformity with a wide range of quality and information security standard.

ISONIKE Ltd operates to the benefit of all stakeholders in a manner that promotes corporate ethicsprofessionalism and reliability. These are the undoubted principles and core values of the company.
ISONIKE Ltd applies only good professional practices and always operates with respect to all parties involved. The certification process provides stakeholders with reliable assurance. This means that ISONIKE's certificates gives international recognition, and offers added value to its customers. Apart from corporate ethics and professionalism, one of the main characteristics of ISONIKE's philosophy is that it is an approachable certification body.
The ‘Approachable Philosophy’ is a value held by all of the functions within ISONIKE, including:
  • Approachable Assessments ;
  • Approachable Communication and Response;
  • Approachable Assessors  with expertise in the Customer’s industry;
  • Approachable Pricing Policy;
Assessments in particular are conducted with the objective of adding significant value to the management system being assessed.
The assessments by ISONIKE are intended to assess conformity while not being a ‘traumatic experience’ for the company or its employees. We firmly believe that both the assessors  and the executives of the customer have a common purpose: to add value to the Management System - by effectively and professionally fulfilling their role.
Through this approach, the assessments  with ISONIKE are a constructive experience. By highlighting both the strengths, weaknesses and conformity gaps, ISONIKE assessments provide a useful tool that optimizes the processes and functions of the management system and thus the effectiveness and efficiency of the company itself. For this reason, ISONIKE assessors  are evaluated and selected based on their ability to be approachable, communicative, and to be able to collaborate constructively with company executives. Our assessors  understand that in order for a management system to be effective, it must be implemented in a way that benefits the organization’s business strategy. Consequently, much emphasis is placed on the practical side of the system, avoiding unnecessary bureaucratic conventions and fixed mindsets.
All the above contribute decisively to choosing ISONIKE for the management system certification of big corporations internationally.
More information can be found at the following Links:
  • For viewing general information click here
  • For downloading a e-brochure click here
  • For quotations click here
  • For inquiries : contact us at: + 30-2106218021 or + 357-26222172 or via e-mail: info [at] isonike [dot] com or via online form