Compliance with ISO 27001 should be of interest to every organization that stores confidential information on internal or external systems, whose business depends on such systems, and that wishes to demonstrate that it manages its information resources in line with international best practice. The following table presents possible applications of this standard:

| Type of organization | Size of organization | Primary goal of ISMS implementation | ISO 27001 way of usage |
|---|---|---|---|
| | Less than 200 employees | Raising management's awareness of the importance of information security | The standard includes security topics that need to be covered as a part of efficient organizational management |
| Middle-sized organization | Less than 5000 employees | Creating an appropriate corporate security culture | The standard comprises requirements that need to be integrated into the business |
| | More than 5000 employees | Achieving certification | Strict compliance with the standard in order to create an efficient ISMS |

Regardless of the number of employees, the greater the organization's dependence on information systems, the greater the risk to its business arising from threats to and vulnerabilities in those systems. Thus, the need for appropriate information security management also increases. Government agencies and organizations in the financial and health sectors are naturally exposed to the greatest information systems risk.