ISO/IEC 27001 is part of the ISO 27000 family of standards, a set of information security standards that includes ISO 27002, ISO 27005, ISO 27017, ISO 27031, ISO 27701, and ISO 27018, among others. Each of these standards provides specific requirements and guidelines that help organizations implement appropriate controls and demonstrate compliance. They are published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) and describe how to manage information security within organizations.
Applicability and Implementation
This information security standard is designed for organizations of all sizes and sectors. It offers guidance for establishing, implementing, maintaining, and improving an Information Security Management System (ISMS). It also aids in identifying risks and taking proactive measures to mitigate threats and potential damage to the organization’s assets.
Aspects of Information Security in ISO 27001:
- Technical: Covers IT equipment performance, access rights, encryption, passwords, protocols, and policies related to information security risks.
- Administrative: Establishes guidelines, procedures, and policies for the generation, distribution, and storage of information.
- Physical: Includes physical access control, employee record keeping, workplace protection, and video surveillance.
Core Principles of Information Security:
The ISO 27001 standard is based on three fundamental principles:
- Confidentiality: Ensures that data is protected from unauthorized access.
- Integrity: Maintains the accuracy and consistency of data.
- Availability: Guarantees that systems and data are accessible to users when needed.
Relationship Between ISO 27701, ISO 27017, ISO 27018, and ISO 27000:
- ISO/IEC 27701: This is the first international standard defining requirements for a Privacy Information Management System (PIMS). It extends ISO/IEC 27001 and ISO/IEC 27002 to help manage personal data, ensuring compliance with privacy laws.
- ISO 27017 and ISO 27018: These standards are specifically designed for cloud services. ISO 27017 clarifies the respective roles of cloud service providers and cloud service customers and offers guidelines for information security in cloud computing; it recommends cloud-specific security controls that complement the guidelines in ISO/IEC 27002:2013. ISO 27018 focuses on legal requirements for data protection, ensuring the secure processing of personal data when cloud services are used.
New Version of the Standard (ISO/IEC 27001:2022)
A new version of ISO 27001 was published in October 2022, replacing the 2013 version. This update was driven by the need to address new security challenges in modern business. Key benefits of the updated version include:
- Enhanced business opportunities
- Reduced risks of fraud, data loss, and breaches
- Compliance with laws and European regulations
- Protection against unauthorized access and misuse
- Proof of secure data handling in accordance with data protection laws
Changes in Security Controls:
The new version reorganizes the security controls into four chapters (reduced from the previous 14):
- Chapter 5: Organization (37 controls)
- Chapter 6: People (8 controls)
- Chapter 7: Physical (14 controls)
- Chapter 8: Technology (34 controls)
The ISO/IEC 27001:2022 update includes changes in the number of controls, now totaling 93:
- 11 new controls
- 23 renamed controls
- 57 existing controls merged into 24
- 35 unchanged controls
The 11 new controls address areas such as threat intelligence, cloud service security, ICT readiness for business continuity, physical security monitoring, configuration management, data deletion, data masking, data leakage prevention, activity monitoring, web filtering, and secure coding.
Transition to the New Version:
According to the International Accreditation Forum (IAF), the transition period for adopting the new 2022 version is three years from its publication date, with a deadline of October 31, 2025.
Benefits of ISO 27001 Certification:
- Proof of ISMS compliance with international standards
- Enhanced risk management and greater information security
- Legal compliance
- Reduced risk of data loss
- Increased trust among employees, clients, and business partners
- Improved competitiveness
- Greater economic opportunities
Is the 2013 Version Still Valid?
Organizations that started implementing the 2013 version could complete their certification against it until October 31, 2023. After that initial certification, they have two years to transition to the new version and align their processes and documentation accordingly.