ISO27001 as a key point for the security of digital transformation.

ISO27001

ISO27001 as a key point for the security of digital transformation.

The ISO27001 standard and its expansion for ISO27001 cloud solutions are key to the digital transformation since all those involved, clients, suppliers, HR, institutions, investors, etc. increasingly require compliance with security measures regarding the information that both parties share, transmit and store mutually, as well as the information services that are provided. Specifically, the three key dimensions that we must ensure in our teleworking and digital transformation are confidentiality, availability and integrity of the information we manage. ISO27001 as a key point for the security of digital transformation.

ISO27001 as a key point for the security of digital transformation.

We are facing vital moments for the survival of many companies where teleworking and digital transformation have accelerated to make companies safer, more profitable, more productive and more efficient also in economic terms. The digital transformation often means exposing both computer services and information that we store, transmit and process both on the Internet in our own company and to interested third parties.

This is where we must demand minimum levels of information security for both customers and suppliers. These minimum levels are generally operated in companies through information security management systems or also called ISMS or ISMS. The implementation of the ISO27001 standard is essential to ensure the good practices that this standard provides us with companies. Its implementation is costly in effort but it provides us with numerous advantages. In all the ISO27001 and ISO27017 audits that I have collaborated, I have been able to verify the following:

  • Improvement of information security systems at all levels, including an increase in the level of confidentiality, availability, integrity, and traceability of all the actions carried out on our information.
  • Improvement of the work processes of many of these companies, by including the obligation to establish professional forms of work in change management, incident management, supplier relationship management, contracts, etc.
  • Compliance with 70% of the RGPD.
  • Compliance in general. This rule would invent all the laws that our company must comply with, as well as other issues such as intellectual and industrial property.
  • Significant reduction in the risk of cyber attacks and computer threats that endanger our information. I personally conduct a comprehensive risk analysis of organizations based on scenarios, probabilities, impact, threats, vulnerabilities and acceptable risk thresholds.
  • Standard requested by third parties.
  • We increase the capacity for business continuity.
  • Support for other approvals such as:
    Homologation in private medical prescription
    Homologation in online betting systems.

As a CISA auditor for ISACA, I have chosen this standard so that my clients increase their level of information security management. I have recently started as a partner of the Instant27001 solution as a key tool to accelerate the implementation of this standard for the following reasons:

  • We reduced the documentation effort to 70%.
  • All the product is in English, which gives us the possibility of presenting our security management system internationally.
  • It includes the good practices of the industry, as well as my extensions based on my Know-how.

Conclusion

My work as an external consultant has increased since COVID19 because many companies are beginning to realize the importance of ISO27001 for their future, their business continuity, reaching or signing new contracts, etc.

Luis Vilanova Blanco. Auditor and implementation consultant ISO27001 and ISO27017. CISA Auditor by ISACA.

911277300

iso27001@luisvilanova.es