UK law states that Data Controllers (office managers) who subcontract the handling of their data to a third party (a data processor) remain liable for that data. Data controllers must, therefore, be 100% sure that their processors have the proper processes and controls to protect their data. A data processor with ISO 27001 accreditation has been independently audited to confirm that it has the relevant processes and controls. Read on to find out more.
ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).
Like other ISO management system standards, certification to ISO/IEC 27001 is possible but not obligatory. Some organizations choose to implement the standard in order to benefit from the best practice it contains while others decide they also want to be certified to reassure customers and clients that its recommendations have been followed. ISO does not perform certification.
ISO 27001 is the international standard related to information security management systems. It has been designed to allow you to assess your risk and implement appropriate controls preserving the confidentiality, integrity and availability of information assets. The fundamental aim is to protect your organisation's information from getting into the wrong hands or being lost forever.