What ISO certification is for an IT department?

[Johnny Quality]

ISO standards generally tell you what should be done or achieved. More like a list of principles rather than BoM with specific items.

ISO 27001:2013 (Information technology — Security techniques — Information security management systems — Requirements) has the following scope:

This International Standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This International Standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size or nature. Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this International Standard.

If this sounds like it could be of value to your organization then I suggest you grab a copy of the standard and see what's inside.

 

[hattan]

ISO standards generally tell you what should be done or achieved. More like a list of principles rather than BoM with specific items.

ISO 27001:2013 (Information technology — Security techniques — Information security management systems — Requirements) has the following scope:

This International Standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This International Standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size or nature. Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this International Standard.

If this sounds like it could be of value to your organization then I suggest you grab a copy of the standard and see what's inside.

thank you for this.

ISO standards generally tell you what should be done or achieved. More like a list of principles rather than BoM with specific items.

ISO 27001:2013 (Information technology — Security techniques — Information security management systems — Requirements) has the following scope:

This International Standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This International Standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size or nature. Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this International Standard.

If this sounds like it could be of value to your organization then I suggest you grab a copy of the standard and see what's inside.

thank you for this info.

 

[qualprod]

because i just got to know this recently about ISO 27001:2013, isn't this for IT ?

There is no doubt that the implementation of a Standard gives you valuable and proved guidelines and tools to help your business, however
involves resources: people, training, certification, maintenance of system and certificate, auditing and of course for all of this , you need to have money.
Other point, you may save money, to have benefits of the implementation, without being certified, but again the question, what is the reason?
Most of the customers, when require to you a standard , they need the certification.
On the other hand, not necessarily by applying the standard, you will have a better performance, you might have better practice/knowledge
without the standard.
An example: Toyota , until I know, doesn´t have ISO, however has other methods/preactices which uses to be into the
most successful automotive manufacturers.
Hope this helps

 

[indubioush]

ow the network cabling is done, or what type of switches are used..

ISO 27001 will not provide you with detailed information like this. If you do a web search for ISO 27001 checklist, you will see some checklists that will give you an idea of the content in this standard.

It seems to me that you need to find someone who has experience setting up servers to help you.