ISO/IEC 27001:2013 Information Security Management System outlines the requirements for establishing, implementing, maintaining and continually improving an information security management system.
Why do business entities need to be qualified for ISO/IEC 27001:2013 certification?
This International Standard, issued by the ISO, is intended to establish an organizational framework that preserves the confidentiality, integrity and availability of information by applying a risk management process, and gives confidence to interested parties that risks are adequately managed.
What is the ISO/IEC 27001:2013 certification body?
There are several certification bodies for ISO/IEC 27001:2013. Such bodies audit and check the existence and conformity of the information security management system in accordance with the requirements set forth in ISO/IEC 27001:2013. If the system proves to be compliant, the certification is awarded to the business entity.
It is worth mentioning that the International Organization for Standardization prevents the certification body from performing any advisory role for its clients.
What is the role of Baker Tilly in assisting business entities with qualifying for ISO/IEC 27001:2013 certification?
Baker Tilly performs an advisory role, helping business entities implement the detailed aspects of ISO/IEC 27001:2013 in the operating policies and procedures of their IT function in connection with information security. This advisory role covers the following:
- Gap analysis.
- Developing information security management system manuals.
- Supervising the implementation process.
- Internal audits.
- Technical support during the certification process.
It is worth mentioning that Baker Tilly does not award ISO/IEC 27001:2013 certification.
Is there an instruction from any regulator requiring regulated entities to obtain ISO/IEC 27001:2013 certification?
Pursuant to the Central Bank of Kuwait circular to all Kuwaiti banks on obtaining certification of the ISO/IEC 27001:2013 Information Security Management System, dated 11 July 2019, all banks are required to obtain ISO/IEC 27001:2013 certification from an accredited certification body not later than 31 December 2020, as well as to ensure the renewal and continuing validity of the certification.
What is the added value to business entities from obtaining ISO/IEC 27001:2013 certification?
- Maintain security of confidential information.
- Protect the business entity’s reputation and enhance the confidence of interested parties.
- Minimize risks and protect the interests of the business entity, its shareholders and other stakeholders.
- Help the business entity comply with regulatory and legal requirements.
What are the services offered by Baker Tilly?
Qualifying the business entity’s management system to conform to the requirements of ISO/IEC 27001:2013.