Finserv Glossary

What is the International Organization for Standardization (ISO)?

In this context, ISO refers to the ISO 27000 Family of Standards, an international standard on how to manage information security. It is a series of information security standards that provide a global framework for information security management practices. ISO/IEC 27000:2018 focuses on information technology, security techniques and information security management systems. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS), the aim of which is to help organizations make the information assets they hold more secure.

Organizations that meet the standard’s requirements can choose to be certified by an accredited certification body following successful completion of an audit. Originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, the standard was revised in 2013. ISO/IEC 27001 is a European update of the standard that was published in 2017.

Particularly in the financial services industry, ISO offers myriad benefits to an institution, including but not limited to protecting an organization from security threats, cyber criminals and data breaches. As noted by IT Governance EU, ISO 27001’s framework ensures that the tools are in place to strengthen an organization across the three pillars of cyber security: people, processes and technology. Banks can use the Standard to identify the relevant policies they need to document, the technologies that protect them and the staff training that avoids mistakes. It helps organizations avoid regulatory fines, protects their reputation, reassures stakeholders that they take information security seriously, and provides structure and focus.

ISO’s own website describes standards as follows: ISO standards are internationally agreed by experts and serve as a formula that describes the best way of doing something. It could be about making a product, managing a process, delivering a service or supplying materials; standards cover a huge range of activities. Further, standards are the distilled wisdom of people with expertise in their subject matter who know the needs of the organizations they represent, such as sellers, buyers, customers, trade associations, users or regulators. IT security standards, for instance, help keep sensitive information secure.

History of the ISO

In London, in 1946, 65 delegates from 25 countries met to discuss the future of international standardization. In 1947, ISO officially came into existence with 67 technical committees (groups of experts focusing on a specific subject). In 1949, ISO moved into offices in a small, private house in Geneva. In the early 1950s the Central Secretariat had 5 members of staff. In 1995, ISO launched its first website. In 2005, ISO and IEC’s joint technical committee JTC1 launched ISO/IEC 27001, a management system standard on information security. As businesses become increasingly reliant on information technology, securing systems and minimizing risks are ever more important. ISO 27001:2005 has become one of ISO’s most popular standards.