Information security management systems handbook

Issue 22 – November 2010

ISO and IEC have just launched a new handbook, ISO/IEC 27001 for Small Businesses – Practical advice. The handbook provides practical advice for small- and medium-sized enterprises on how to achieve the benefits of implementing an information security management system (ISMS) based on ISO/IEC 27001:2005 Information technology – Security techniques – Information security management systems – Requirements.

ISO/IEC 27001 is one of the fastest-growing management system Standards and has been implemented by thousands of organisations in more than 100 countries. New Zealand has adopted ISO/IEC 27001 as AS/NZS ISO/IEC 27001:2006.

The handbook takes the mystery out of information security and presents a practical step-by-step approach for SMEs to implement an ISMS based on ISO/IEC 27001.

ISO Secretary-General Rob Steele and IEC General Secretary Ronnie Amit comment in the foreword to the handbook: 'An information security management system based on ISO/IEC 27001 can empower the small business to compete successfully in today's globalising markets. This handbook is intended to provide the key to the door.'

The advice given is based on the premise that information is an asset, which, like other important business assets, adds value to an organisation and consequently needs to be protected. Information security protects information from a wide range of threats in order to ensure business continuity, minimise business damage, and maximise return on investments and business opportunities. An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes, and information technology systems.

ISO/IEC 27001 specifies the processes for enabling an organisation to establish, implement, review and monitor, manage, and maintain an effective ISMS.

Email enquiries@standards.co.nz to order ISO/IEC 27001 for Small Businesses – Practical advice or call 0800 782 632 during business hours.

Related Standards

  • ISO/IEC 27001:2005 Information technology – Security techniques – Information security management systems – Requirements
  • ISO/IEC 29199-2:2010 Information technology – JPEG XR image coding system – Part 2: Image coding specification
  • ISO/IEC 14496-15:2010 Information technology – Coding of audio-visual objects – Part 15: Advanced Video Coding (AVC) file format
  • ISO/IEC 14496-1:2010 Information technology – Coding of audio-visual objects – Part 1: Systems

You can order PDFs of ISO, IEC, BSI, AS, and ASTM Standards and handbooks by calling 0800 782 632 during business hours or emailing enquiries@standards.co.nz.

Summarised from an ISO media release 19 October 2010.

Published in business and ICT.