ISO 27001 policy management

The human elements of ISO 27001

Data handling and information security are central to modern business operations. Increased high profile data breaches have heightened awareness among senior executives that failures in information security have a significant negative impact an organisation. Many organisations opt to implement ISO/IEC27001 (ISO 27001), the global standard for information security compliance, in order to improve information security and demonstrate best practice to customers, investors, regulators and other interested parties. 

This whitepaper considers the cybersecurity landscape that has led to the need for standards and highlights the non-technical human elements that underpin ISO 27001. 

  • Documented information, its availability and communication within the organisation and to interested parties;
  • User awareness of the information security policy, their responsibilities and implications of non-conformance;
  • Appropriate education and training with evidence of competence;
  • Risk owner responsibility for documented information, controls and processes;
  • Monitoring and measurement of information security performance;
  • Analysis of non-conformities and corrective action;
  • Continual improvement. 

©2017 NETconsent Ltd