|Author Organisation||International Standards Organisation|
|Sponsor Organisation||Not Known|
|Trustee||NPTC Standards Working Group, firstname.lastname@example.org|
Copyright Notice: Copyright (c) 2016 National Police Technology Council (NPTC) group and the persons identified as the document authors. All rights reserved.
The focus of ISO 27001 is to protect the confidentiality, integrity and availability of the information in a company. This is done by finding out what potential problems could happen to the information (i.e., risk assessment), and then defining what needs to be done to prevent such problems from happening (i.e., risk mitigation or risk treatment). Therefore, the main philosophy of ISO 27001 is based on managing risks: find out where the risks are, and then systematically treat them. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
This standard gives guidance on how to appropriately protect the confidentiality, integrity and availability of information within any company. It is also referenced in the FSR Code of Conduct, as organisations must establish and document a policy and procedure for the management of electronic information based on business and security requirements, and include this in the schedule of regular audit and review.
|2018-10-22||Digital Intelligence and Investigation||Internal assurance through the DPP programme.|
|Standards | DII Programme Integration||Active|