Learn About ISO 27001
ISO 27001 (also known as the IEC 27001), is an international standard for managing information security.
It is the only auditable standard on an international level that clearly defines the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving upon information security management systems (ISMS).
Frequently Asked Questions
Why is ISO 27001 important?
Because this is the only international standard by which information security can be judged, it puts into place a set of procedures, policies, and systems that oversee and manage information risks.
These risks could include events like breaches in data, being hacked, data theft, or cyber-attacks, so ISO 27001 is extremely important for maintaining global data security.
What are ISO 27001 requirements?
There are a number of ISO 27001 requirements that must be evaluated and met, including:
- Understanding the organization and its content
- Understanding the needs and expectations of interested parties
- Determining the scope of the information security management system
- Information security management system
- Leadership and commitment
- Information security policy
- Organizational roles, responsibilities and authorities
- Actions to address risks and opportunities
- Information security objectives and planning to achieve them
- Documented information
- Operational planning and controls
- Information security risk assessment
- Information security risk treatments
- Monitoring, measurement, analysis and evaluation
- Internal audits
- Management reviews
- Nonconformity and corrective actions
- Continual improvements
How do I get ISO 27001 certified?
Before you apply to become ISO certified, it’s important that you take the time to do a thorough evaluation on all sides of your company, so that you can ensure that you’re meeting the ISO 27001 standards.
The first step should be documenting and implementing any information security requirements that have not yet been met. Once those are in place, the company can apply to have a certification body perform an ISO 27001 audit for compliance.
Companies can only claim ISO 27001 certification in their marketing materials after the audit has been passed and finalized. Remaining certified requires periodic reviews as part of an ongoing certification cycle.
How can MedStack help with ISO 27001 compliance?
MedStack’s privacy policies and procedures are organized in the ISO 27001 format.
This allows third parties (i.e., auditors, hospitals, insurance companies, etc.) that are reviewing your company to quickly and easily reference the answers that they need to ensure compliance is maintained.
For businesses that need to remain ISO 27001 compliant, MedStack’s platform offers the controls necessary to meet a portion of these requirements. The remaining requirements for ISO 27001 compliance can be met by utilizing services offered through one of MedStack’s partners.
Learn how our platform can help you become
ISO 27001 compliant
We are the only platform that brings together compliance, security assessment responses, threat protection, and audit readiness into a complete offering, ensuring your application runs and manages data in the cloud with the highest privacy and security standards in mind.