ISO 27001 is an internationally recognized certification standard for information security management systems. Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO 27001 is used as a benchmark for the protection of sensitive information and is one of the most widely recognized, customer-valued certifications for a cloud service.
In combination with ISO 27002, ISO 27001 outlines potential security controls and control mechanisms and provides a best practice framework for establishing, implementing, maintaining and improving an organization's information security management system (ISMS). The presence of a robust ISMS—a critical business platform—helps to safeguard an enterprise's information systems from cyber-attacks, which are a growing threat to any organization with a data center and/or an online presence.
Addressing the need to maintain the confidentiality, integrity and availability of information systems, ISO 27001 requires management to identify information assets and assess risks to physical security, network security, host security, application security and database security. The international standard establishes guidelines for designing and executing risk-appropriate security controls and adopting management procedures to continually review the effectiveness of existing security processes.
Organizations that choose to adopt ISO 27001 are able to:
Many organizations find the process of ISO 27001 certification—and maintaining compliance—arduous and time-consuming and may benefit from having a partner to assist with stringent compliance requirements. A compliance management solution can significantly reduce the complexity and cost of securing compliance.
At Akamai, we offer our customers the ability to streamline security compliance initiatives for PCI DSS, FISMA, ISO, and BITS standards, giving you comprehensive support well beyond a simple ISO or PCI compliance checklist. Through our Compliance Module, we can provide your company with tools and documentation to accelerate compliance validation for ISO 27001 and ISO 27002—including the standard terms and conditions for ISO 27001/27002, an executive summary of our annual ISO 27001/27002 assessment, and our incident response procedures.
Moreover, our network, management infrastructure and associated processes and procedures are consistent with the security requirements of ISO, PCI, FISMA, NIST Special Publication 800-53, and the BITS standard.