The most common misconception about ISO standards, including ISO 27001 is that it is an expensive set of rules that are available in binders, shared folders or intranets and then it has only one use: to collect dust or use disk space and serve as a fancy selling point when trying to sell products or services.
If those standards are nothing but many words, it means that they are not implemented - hence, not truly beneficial for an organization. Learn here how do we implement our standards in our products, services and business processes and it will become apparent why is it truly beneficial for both our customers that we comply with ISO 27001. If it is beneficial to our customers it is beneficial to us. By meeting the requirements set out in ISO 27001 we do not become flawless, but we become committed to continual improvement in respect of information security.
When implementing a standard the most important thing is the context. It is impossible to implement a standard is:
Here are an easy example and a brief description of how we implemented ISO 27001 one of the measures of our core business processes. The example is given to you primarily for you to understand our way of thinking.
Implementing that standard in any context or scope will still not mean that it is perfect.