What is ISO 27001?
The pioneering international management systems standard for information security (an ISMS standard) was last updated in 2013 to align with the High Level Structure (HLS) common to most international management system standards. ISO 27001 is a specification against which an organization can be certified. It heads a growing family of related standards that together offer comprehensive guidance and support for organizations that want to systematically understand their vulnerabilities and identify the risks to the security of their information, in order to ensure its availability, integrity and confidentiality for their customers, shareholders, regulatory authorities and other stakeholders.
The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers and data centers are securely managed. These certifications run for 3 years (after which a renewal audit is required) and have annual touch point audits (surveillance audits).
The following are the key principles for the ISO 27001:
- Confidentiality – information is accessible only to those who are allowed to see it (those who have authorized access)
- Integrity – the information is accurate and complete
- Availability – authorized users have access to information when they need it
Screen Magic policies for ISO 27001:2013
Screen Magic Mobile Media Pvt. Ltd. is compliant with ISO/IEC 27001. ISO/IEC 27001 is an information security standard that specifies a management system intended to bring information security under explicit management control, and it sets out specific requirements for that system. Organizations that meet the requirements may be certified by an accredited certification body following successful completion of an audit.
- Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.
- Screen Magic reviews its organization’s preparedness for assessment periodically, by checking whether the necessary ISO/IEC 27001 procedures and controls have been developed. If all the requirements are in place, we then assess the implementation of the procedures and controls within our organization to make sure that they are aligned with the guidelines defined by ISO 27001.
- To ensure that the organizational security policies and procedures, and their importance, are understood by each employee of the organization by imparting training.
- To protect the organization’s business information and customer information within its custody or safekeeping by safeguarding its confidentiality, integrity, and availability. The organization shall use risk assessment and management processes to measure and achieve this objective.
- To ensure that the organization is able to continue its commercial activities in the event of significant Information Security incidents by implementing the disaster recovery & business continuity plan.
- To ensure that the organization complies with the legal and statutory aspects of information security by having an ISMS team and a procedure for handling incidents, covering their analysis, impact, resolution, prevention & reporting.
- Ensure continual improvement of ISMS.
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable.
- To ensure internal audits, external audits and management reviews are completed as per policy.