• What is ISO/IEC 27001?

ISO/IEC 27001 formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information security risks.  The ISMS is an overarching management framework through which the organization identifies, analyzes and addresses its information security risks.   The ISMS ensures that the security arrangements are fine-tuned to keep pace with changes to the security threats, vulnerabilities and business impacts – an important aspect in such a dynamic field, and a key advantage of ISO27k’s flexible risk-driven approach as compared to, say, PCI-DSS.

  • Why do organizations need ISO/IEC 27001?

Data security is one of the top 10 risks that keep the C-suite worrying. It is as much a people and process related risk as it is a technology risk. ECCI has been helping organizations manage their information security risk by helping to implement technology solutions as well as process improvement solutions in the form of best practices such as ISO 27001. There are over 22000 organizations certified to this standard since the launch of its original version in 2005.



Who is this for?

The standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profits), all sizes (from micro-businesses to huge multinationals), and all industries or markets (e.g. retail, banking, defense, healthcare, education, and government).  This is clearly a very wide brief.


There are number of benefits an organization can attain once accredited with ISO 27001

  1. Improves overall Information Security Posture of the organization
  2. Increased Customer and Business Partner Confidence
  3. Provides Competitive Advantage while processing critical or sensitive data
  4. Reduction of Customer and Supply Chain Audits
  5. Compliance towards legal and regulatory requirements
  6. Identification of Critical Assets and potential information security risk treatment measures
  7. Reduction of likelihood of facing prosecutions and fine in case of any data breach
  8. Improved Information Security Awareness among employees
  9. Prevention of market reputation and financial losses which occurs due to data breach

How can we help?

Consulting: Using the ISO 27001 standard and other risk management best practices/frameworks including OCTAVE, ECCI provides strong IT Security advisory services ranging from gap assessments and risk assessments to full-fledged management system implementation.

Training: ECCI prepares practitioners and auditors for information security management through Internal Auditor and Lead Auditor training; ISMS Practitioner and Risk Assessment workshops.

Implementation Toolkit: ECCI has developed a stand-alone ISMS implementation toolkit filled with templates and artifacts for organizations striving to implement information security