Information technology. Security techniques. Governance of information security

What is this standard about?

It provides guidance on the governance of information security. 

Who is this standard for?

Governing bodies in all types and sizes of organization.

Why should you use this standard? 

Information security has become a key issue for organizations. Not only are there increasing regulatory requirements but the failure of an organization’s information security measures can have a direct impact on an organization’s reputation.

Therefore, the governing body, as part of its governance responsibilities, is increasingly required to oversee information security to ensure the objectives of the organization are achieved.

To that end, this standard provides guidance on concepts and principles for the governance of information security, helping organizations evaluate, direct, monitor and communicate information security-related activities within the organization. It provides the mandate essential for driving information security initiatives through the organization.

Furthermore, effective governance of information security ensures that the governing body receives relevant reporting, framed in a business context, about information security-related activities.

This standard will help organizations achieve an agile approach to decision-making about information risks and allow organizations to make pertinent and timely decisions about information security issues in support of the strategic objectives of the organization.

BS ISO/IEC 27014:2013 allows users to:

  • Align information security objectives with business strategy
  • Deliver value to stakeholders and governing bodies
  • Ensure information risk is being adequately addressed
  • Provide visibility on information security status
  • Make efficient and effective investments in information security
  • Achieve compliance with external requirements (legal, regulatory or contractual)