ISO/IEC 27001

Case studies, Research and Supporting Materials tagged as ISO/IEC 27001.


Dubai Maritime City Authority (DMCA), the government authority charged with regulating, coordinating and supervising all aspects of Dubai’s maritime sector, has achieved certification against four leading management system standards.

DMCA has been certified to the ISO Quality Management System ISO 9001, the ISO Environmental Management System ISO 14001, the Health and Safety Management System OHSAS 18001 and the ISO Information Security Management System ISO 27001.

DMCA believes that the use of standards and certification against these standards helps support its world-class aims. Building on the four certifications in 2015, in 2016 DMCA will work on the ISO Customer Satisfaction Standard, SA 800 Social Accountability Standard and ISO 22301 Business Continuity Management System standard. DMCA will also update its Quality Management System to the latest 2015 version.


In a 2011 Notification as part of the Information Technology Act 2000, the Indian Ministry of Communications and Technology cites ISO 27001 as one of the means by which organisations ‘shall be considered to have complied with reasonable security practices and procedures, if they have implemented such security practices and standards and have a comprehensive documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with the information assets being protected with the nature of business.’


Cyber Essentials is a new Government-backed and industry supported scheme to guide businesses in protecting themselves against cyber threats.

Cyber Essentials is for all organisations, of all sizes, and in all sectors – we encourage all to adopt the requirements as appropriate to their business. This is not limited to companies in the private sector, but is also applicable to universities, charities, and public sector organisations.

Cyber Essentials is mandatory for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services.

‘The technical controls within (the Cyber Essentials) document focus on five essential mitigations within the context of the ‘10 Steps to Cyber Security’. They reflect those covered in well-established and more extensive cyber standards, such as the ISO/IEC 27000 series’.


In the English Midlands, Birmingham City Council uses and is certified to ISO 9001 and ISO/IEC 27001. This has enabled the Council both to improve its processes and to make a strong statement about how it operates, which is especially important to it with regard to data integrity. (UK)


Dubai Ministry of Labour (DoL) has been recertified to ISO/IEC 27001, meaning the DoL has held this certification since 2011. Ahmad Yousuf Al Nasser, Director of the IT Dept. at the Ministry of Labour, stated that ‘(ISO/IEC 27001 certification) achieved a number of advantages most notably was its global recognition on information security systems, establish landmarks on information security systems and build an integrated system that depends on continuing operations applied for proper info protection.’ (Dubai)


A further example of the public sector using ISO/IEC 27001 is the Legal Ombudsman of England & Wales. The process of implementing the standard has delivered improved performance in areas such as risk management, but most significantly the certification has given the Legal Ombudsman’s users greater confidence in its services and especially in its ability to manage their data securely. (UK)


Certification to ISO/IEC 27001 has also been used by the State Revenue Committee of the Republic of Armenia. Certification has been used in this case because data security is seen as one of the cornerstones for delivering high quality public service. (Armenia)


The value of information security management standards has also been seen by the Norwegian Agency for Public Management and eGovernment (Difi). Difi has signed an agreement with Standards Norway which allows over 200 government organisations access to key standards for information security management, including ISO/IEC 27001. The aim of these organisations is to improve their information security management by the implementation of these standards. (Norway)
