ISO Certified

What is ISO?

  • The world’s largest developer of voluntary International Standards
  • International Standards give state of the art specifications for products, services and good practice – helps to make industry more efficient and effective (www.iso.org)
  • Global Strategic is ISO 27001:2013 Certified

What is ISO 27001:2013

  • ISO 27001 is an information security management system (ISMS) standard that is focused primarily on information and data security. 2013 is the most recent release of the standard.
  • Information includes: items stored on computers, transmitted across networks, printed or written on paper, sent by fax, stored on tapes or on disks, spoken in conversations (including telephone), and more.

What is Information Security?

Within ISO 27001, Information Security is defined as the preservation of:

  • Confidentiality: ensuring that information is only accessible to those who are authorized to have access
  • Integrity: safeguarding the accuracy and completeness of information and processing methods
  • Availability: ensuring that authorized users have access to information and associated assets when required

Why Is Information Security Important?

Information Security is important to a business, its clients and its employees. Proper information security is necessary to:

  • Protect information from a range of threats
  • Ensure business continuity
  • Maximize return on investments
  • Protect important client data
  • Safeguard sensitive and private staff information

How is Information Security Achieved?

  • Information security is achieved by implementing several controls.
  • These controls can be in the form of policies, practices, procedures, organizational structures and software functions.
  • These controls are based on the ISO 27001:2013 standard and designed to protect an organization against threats against information security. There are 114 total controls in the standard that an organization must implement.
  • These controls include physical entry, data access, human resources, media handling, equipment security, user responsibilities, and many more.