ISO 27001 & CobIT Standards


Background

In a joint effort, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) developed the ISO/IEC 27000 series of information security standards for organizations that operate an information security management system. An organization may be certified as compliant with the standard by an accredited third party on successful completion of an audit.

Control Objectives for Information and Related Technology (CobIT) is a governance framework created by the Information Systems Audit and Control Association (ISACA). Following the CobIT framework demonstrates an organization's status of IT management and governance.

Some specific benefits of following ISO 27001 and CobIT include:

  • Formalizes organizational risk management
  • Identifies and improves areas for IT efficiency and effectiveness
  • Connects the needs of the business with IT
  • Establishes standard operating procedures to meet the business needs
  • Provides awareness and alignment between business and IT goals
  • Enables executive oversight and visibility throughout the life cycle

Potential Risks

An organization's failure to meet the necessary ISO 27001 requirements or CobIT standards may lead to a breach of data, loss of the ability to process or handle third-party data, loss of business customers or partners, or regulatory fines. It's also important to keep in mind the possibility of PR damage to your organization and loss of brand equity.

How We Can Help

Our qualified experts understand the impact these frameworks can have on your data maintenance and security procedures. We will bring procedural expertise to your organization regarding these issues.

Failure to meet industry standards can impact your organization. Don't take chances - let our experts help! CompliancePoint has a variety of services that you can leverage to meet your FISMA compliance and NIST needs.

We can help you identify and mitigate risk