“The ISO/IEC 27000 family of standards helps organizations keep information assets secure. Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.” International Organization for Standardization The decision to become accredited to ISO 27001 presents many different challenges to a business. The biggest challenge is the requirement to understand that previous company processes will need to change. Businesses are naturally apprehensive about change, especially in successful firms, however at Aeromark the decision to implement ISO 27001 throughout the entire scope and the change that it would bring was met with positivity. “Despite having seen reluctance by other software providers to fully manage and minimise risk, we at Aeromark were excited at the idea of becoming certified to the ISO 27001 standards. We wanted our customers to feel assured that their…

As business information is the most vital part of any company, most businesses have some form of data security policy in place. While this policy and the security controls may be introduced with the best intentions, the effectiveness of the policy can be difficult to maintain and organise. For example, most IT security policies may overlook vital information assets such as paperwork. The ISO 27001 standard was introduced to ensure that all aspects of data security are protected. ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system".   The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organisation which is required to apply controls appropriately in line with their specific risks. So why have Aeromark chosen to be ISO 27001…