A handbook providing practical advice for small and medium-sized enterprises (SMEs) has been launched by ISO and the International Electrotechnical Commission (IEC). The handbook is meant to provide a guide on ways to achieve the benefits of implementing an information security management system (ISMS) in accordance with the International Standard ISO/IEC 27001.

The ISO/IEC 27001 was published in 2005 and it remains one of the fastest growing management system standards that are being implemented by thousands of different organizations in over 100 countries around the world.

ISO/IEC 27001 for Small Businesses – Practical advice provides a practical guide and a step-by-step explanation on information security approach for SMEs on the implementation of an ISMS strategy based on the ISO/IEC 27001 standard.

The comment in the foreword to the handbook by Rob Steele states thus: “An information security management system based on ISO/IEC 27001:2005 can empower the small business to compete successfully on today’s globalizing markets. This handbook is intended to provide the key to the door.”

The information in the handbook is like an asset that needs to be protected since it adds value to the organization. Obviously, information security protects data from different threats to a business. It promotes business continuity, minimizes business damage, as well as maximizes the return on investments and business opportunities. The ISMS is a dynamic system built to manage and make sensitive information secure within the company. It covers a wide range of business aspects including people, processes and information technology systems.

Whatever the form of information, be it sensitive data about an organization’s customers, suppliers or stakeholders, they must be protected. Information can be stored in paper form or most likely digital form. The goal is to ascertain safety of an organization’s products, processes or markets.

There is no doubt that information is power. Hence, any organization that failed to protect it’s information can render itself powerless. This is because a breach of data can ruin an organization’s reputation. This can result in financial losses and can cause havoc in business operations.

The ISO/IEC 27001:2005 provides the processes, through which an organization can establish, implement, review, monitor, manage, and maintain an effective ISMS. The implementation of state-of-the-art processes like the ISO 27001 will give customers and suppliers the reassurance that the organization they are dealing with takes issues concerning threats to information security seriously.