Nowadays, companies are increasingly faced with risks and insecurity derived from a wide range of sources that can seriously damage their information systems and can jeopardise the continuity of their business.
In this sense, it is fundamental for companies to assess their associated risks and establish suitable strategies and controls that ensure the permanent protection and safeguard of information.
Effective management of information security enables to ensure:
- Its confidentiality, ensuring that only those authorised can gain access to the information.
- Its integrity, ensuring that both the information and its process methods are exact and complete, and
- Its availability, ensuring that authorised users have access to the information and to associated assets when they require doing so.
AENOR's Information Security Management System certification contributes to the promotion of activities aiming to protect information in organisations, improving their image and inspiring confidence vis-à-vis
third parties. AENOR implements this certification according to UNE ISO/IEC 27001, international standard for ISMS certification, which establishes requirements for the implementation, documentation and assessment of an information security management system.
Requirements on UNE ISO/IEC 27001 are complementary to those included in any other implemented management system, such as quality management to ISO 9001 or environmental management to ISO 14001.
