Svana Helen Bjornsdottir, CEO of Stiki, is an ISO/IEC 27001 Certified Lead Auditor, Consultant and Trainer, and has many years of experience helping companies implement management systems. Bjornsdottir has recently published guidelines for small companies on how to achieve ISO/IEC 27001 certification.
It is important to understand risk management standards and procedures to ensure information security within any business or organisation. Compliance with the ISO/IEC 27001 code of practice is essential to the safety and availability of a company’s business data.
“Risk Assessment is only one part of three steps required for a full implementation of ISO/IEC 27001. The other two are Business Continuity planning and development of an Organisational Manual, such as procedures, processes and policies,” Bjornsdottir said.
Bjornsdottir also advises that, for information security within an organisation, the CEO, the owner or the Information Security Officer should obtain a copy of the ISO/IEC 27002 code of practice and read it. It is a management standard that is essentially an overview of the best practices for ensuring the integrity and confidentiality of business data.
The guidelines to information security have been published in three steps, each focusing on one area of concern: Risk Management, Business Continuity Management, and Workflows, Processes and Policies.