Service providers that seek the most recognized implementation of an information security baseline and governance structure should consider the ISO/IEC 27001:2013 (“ISO 27001”) standard. The information security management system (ISMS) prescribed by this widely adopted publication engages personnel at every level of an organization to ensure information security-focused processes and controls are implemented, maintained, and continuously improved. Rather than focusing solely on the establishment of information security controls, the ISMS challenges service providers to first consider risks and then develop processes that enable an effective control environment.