Nonetheless, moving beyond the costs, one must consider the return on investment. First and foremost, ISO 27001 is the pre-eminent Information Security Management System standard globally. This is why certifying to this standard is more than an expectation: it is the norm in regulated sectors, and it is typically seen as a requirement in procurement processes across multiple sectors.
ISO 27001 inspires trust in your supply chain partners and customers. It sends a message that you are coordinated in your approach to information security, that you value your assets, and that you are taking a risk-based approach to ensure they are protected against the myriad threats that exist.
We would argue, however, that this is only one of many benefits of achieving this information security baseline. At the heart of things, like the other core ISO standards, implementing ISO 27001 provides a framework for operating within that protects your business and enhances shareholder value. The Standard requires you to take a view of your critical assets, to catalogue them and to classify them. It requires that you apply appropriate controls to protect your assets and their confidentiality, integrity and availability. It provides a framework for engaging with your people and your interested parties to further this cause, and it considers what happens when things go wrong. But most of all, it is about the cycle of improvement, a cycle which mandates Management involvement and demonstrable, accountable improvement. This should be at the crux of any organisation's objectives as we turn the corner and embrace an interconnected digital age.