What is ISO 27001?
ISO/IEC 27001:2013 (or ISO 27001) is an international standard that provides a foundation for establishing an information security management system (ISMS) in organizations. Its goal is to establish, maintain, and continually improve the management of information security in organizations. Regardless of company size or profile, ISO 27001 helps identify and mitigate current and future threats to data management while minimizing the risk of information leakage.
ISO 27001 was developed against the backdrop of the Internet of Things (IoT), emergent data analytics capabilities, and the digital marketplace, all of which have created unique business risks for companies of all sizes. To best identify and mitigate these risks, standards such as ISO 27001 have been formalized to provide a structure for improving the management of information security in organizations.
ISO 27001 provides an overall risk-based approach to operating, monitoring, and maintaining information security. A strong ISMS sets the overall information security and cybersecurity architecture for a company's day-to-day activities.
Companies may wish to consider conforming to additional frameworks such as the NIST Cybersecurity Framework (the National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Cybersecurity) and COBIT, based on the level of risk inherent in their information systems, their available resources, and their current cybersecurity plan.
How can we help?
Compliance with information security governance is essential in the current medical device landscape. Li-Med's rich experience in developing and deploying customized ISMS solutions can be used to build such systems while supporting rapid development efforts.