MANAGEMENT & PROTECTION SYSTEMS

ISO 27001

A- What is an Information Security Management System

The Information Security Management System (I.S.M.S.) is that part of the business management system based on the approach to risks to the activity that aims to establish, implement, implement, monitor, review, maintain and improve information security.
The object of protection is information, as information is an asset that has value for an organization and must therefore be appropriately protected.
The information subject to protection can be of various kinds (paper, electronic and even verbal) and directed for any purpose: created, transmitted, used or processed, stored and destroyed.

CONFIDENTIALITY: the information must be accessible only by those authorized by it

INTEGRITY : the accuracy and completeness of the information and processing methods must be safeguarded

AVAILABILITY' : authorized users must have access to information and related goods when they need it

The assets correlated with the information security management system are certainly information assets, paper documents, software and hardware present in the company, but also the same staff, corporate reputation, corporate image and services.