ISO/IEC 27001 - Information Security Management
Developed by the International Organization for Standardization (ISO), the 27000 family of standards helps organizations keep information assets secure. It was written by experts in the field of information security and provides methodology for the implementation of information security management in an organization. The standards can help your organization manage the security of such assets as financial information, intellectual property, employee details or information entrusted to you by third parties.
Certification to ISO/IEC 27001
Like other ISO management system standards, certification to ISO/IEC 27001 is possible but not obligatory. Some organizations choose to implement the standard in order to benefit from the best practice it contains while others decide they also want to get certified to reassure customers and clients that its recommendations have been followed.
Possessing in-depth knowledge of the market research industry, The CASRO Institute for Research Quality provides audit and certification services for this standard as well as the two ISO research standards:
- ISO 20252 - Market, Opinion and Social Research (2012)
- ISO 26362 - Access Panels in Market, Opinion and Social Research (2009)
Why Should Your Company Consider Becoming ISO 27001 Certified?
- Clients: They are already requesting or mandating it, or soon will; certification often eliminates the need to complete their extensive data protection questionnaires.
- Legislation/Regulation: ISO 27001 certification uses a framework that can encompass other requirements:
  - In the US: HIPAA, GLB, COPPA, FTC rules, state privacy laws and regulations
  - In the EU: Data Directive, local national law and regulation (e.g. the Federal Data Protection Act in Germany)
  - Globally: many national laws and regulations, including PIPEDA (Canada) and the Privacy Act (Australia)
- To gain a competitive advantage: Certification gives your company proof, through an annual third-party affirmation, that it takes data security seriously.