What is ISO 27014 on the governance of information security about?
ISO 27014 discusses information security, cybersecurity and privacy protection. ISO 27014 provides guidance on concepts, objectives and processes for the governance of information security, by which organizations can evaluate, direct, monitor and communicate the information security-related processes within the organization.
Who is ISO 27014 on the governance of information security for?
ISO 27014 on the governance of information security is useful for:
- Governing bodies for information security
- Top management in firms
- Entities responsible for evaluating, directing and monitoring an information security management system (ISMS) based on ISO 27001
- Entities responsible for information security management that takes place outside the scope of an ISMS based on ISO 27001, but within the scope of governance
Why should you use ISO 27014 on the governance of information security?
Information security is a key issue for organizations, amplified by rapid advances in attack methodologies and technologies and by the corresponding increase in regulatory pressure. The failure of an organization’s information security controls can have many adverse impacts on the organization and its interested parties, including, but not limited to, the undermining of trust.
ISO 27014 ensures effective implementation of information security and provides assurance that:
- Directives concerning information security are followed
- You will receive reliable and relevant reporting about information security-related activities
ISO 27014 assists you in making decisions about the organization’s strategic objectives by providing information on security matters that can affect those objectives. ISO 27014 also ensures that the information security strategy aligns with the overall objectives of your organization.
What’s changed since the last update?
BS ISO/IEC 27014:2020 replaces ISO/IEC 27014:2013, which has been technically revised. The main changes in BS ISO/IEC 27014:2020 compared to ISO/IEC 27014:2013 are as follows:
- The document has been aligned with ISO 27001:2013
- The requirements in ISO 27001 which are governance activities have been explained
- The objectives and processes of information security governance have been described