Insights Association

ISO Information Security Standard - 27001

Does Your Market Research/Data Analytics Company
Have an Adequate Information Security Program?

If the answer is NO — you need one, now.
If the answer is YES — how do you communicate that fact quickly & easily to clients?

ISO 27001 Certification Can Help — No matter the state of your information security infrastructure

The Insights Association has embraced the ISO 27001 Information Security standard as the recommended option for research and analytics companies to use as a framework to implement an Information Security Management System (ISMS). The New York Stock Exchange came to the same conclusion, as noted in its recently published Guide to Cybersecurity: "ISO 27001… is a comprehensive standard and a good choice for any size of organization because it is globally-accepted and is the one most commonly mapped against other standards."

Securing the data that research and analytics companies collect, store and transmit is not solely a technology issue. Effective data security requires a comprehensive plan that includes educating your people and formulating processes to avoid mishandling or unauthorized access.

Is your company bombarded with lengthy data security/data protection questionnaires from current and potential clients? Are you uncertain how to answer these inquiries completely and correctly? Failure to respond to such requests or doing so insufficiently or inaccurately can lead to lost business and/or risk exposure for your company.

ISO 27001 implementation and certification provide your company with a strategic information security framework that can help you win business and educate your staff on key measures for protecting your valuable data.

Even if you don’t pursue certification, this globally recognized standard can guide you in identifying your company’s information flow and vulnerabilities and provide you with best practices for implementing and managing an Information Security Management System.

What Is ISO 27001?

ISO/IEC 27001 provides a framework for companies to manage their data security. It establishes requirements for information security controls that manage people, processes and technology and protect valuable company data. Certification to this standard demonstrates to existing clients and potential new clients that your company takes information security seriously.

PURCHASE THE ISO 27001 STANDARDS REQUIREMENTS DOCUMENT

Why is ISO 27001 relevant?

  • Umbrella framework to meet requirements of:
      • Federal – HIPAA, GLB, SOX
      • State – MA, CA Privacy laws
      • Industry – PCI DSS
      • Contractual – Your Clients
  • ISO/IEC 27001 & 27002 IT Security Techniques Package

Full Description of ISO 27001 and ISO 27002 (the controls applicable to ISO 27001)

ISO 27001

This International Standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The adoption of an information security management system is a strategic decision for an organization. The establishment and implementation of an organization’s information security management system is influenced by the organization’s needs and objectives, security requirements, the organizational processes used and the size and structure of the organization.

The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed. It is important that the information security management system is part of and integrated with the organization’s processes and overall management structure, and that information security is considered in the design of processes, information systems and controls. This International Standard can be used by internal and external parties to assess the organization’s ability to meet the organization’s own information security requirements. The order in which requirements are presented in this International Standard does not reflect their importance or imply the order in which they are to be implemented. The list items are enumerated for reference purposes only. ISO/IEC 27000 describes the overview and the vocabulary of information security management systems, referencing the information security management system family of standards (including ISO/IEC 27003[2], ISO/IEC 27004[3] and ISO/IEC 27005[4]), with related terms and definitions.

ISO 27002

ISO/IEC 27002 is a code of practice - a generic, advisory document, not a formal specification such as ISO/IEC 27001. It recommends information security controls addressing information security control objectives arising from risks to the confidentiality, integrity and availability of information. Organizations that adopt ISO/IEC 27002 must assess their own information risks, clarify their control objectives and apply suitable controls (or indeed other forms of risk treatment) using the standard for guidance.

Relationship to ISO/IEC 27001

ISO/IEC 27001 formally defines the mandatory requirements for an Information Security Management System (ISMS). It uses ISO/IEC 27002 to indicate suitable information security controls within the ISMS, but since ISO/IEC 27002 is merely a code of practice/guideline rather than a certification standard, organizations are free to select and implement other controls, or indeed adopt alternative complete suites of information security controls as they see fit. ISO/IEC 27001 incorporates a summary (little more than the section titles in fact) of controls from ISO/IEC 27002 in Annex A. In practice, most organizations that adopt ISO/IEC 27001 also adopt ISO/IEC 27002.

About Us

The Insights Association protects and creates demand for the evolving Insights and Analytics industry by promoting the indisputable role of insights in driving business impact. All revenue is invested in quality standards, legal and business advocacy, education, certification and direct support to enable our members to thrive.

The 2019 IA Code of Standards and Ethics for Marketing Research and Data Analytics may be found here.

About Our Members

Our members are the world's leading producers of intelligence, analytics and insights defining the needs, attitudes and behaviors of consumers, organizations and their employees, students and citizens. With that essential understanding, leaders can make intelligent decisions and deploy strategies and tactics to build trust, inspire innovation, realize the full potential of individuals and teams, and successfully create and promote products, services and ideas. 

Contact Us

1156 15th Street NW, Suite 700
Washington, DC 20005
(202) 800-2545

© Insights Association 2021