What information does your business handle? Is any of it sensitive or confidential data that would be valuable to an attacker who gained access to it? Once you have answered that, establish a level of protection that matches the assessed risk by following the steps outlined below.
Know your data
What types of information are stored, and where? Do they include PII or other sensitive personal data? Are there regulations (such as HIPAA for health information) that demand a higher level of protection than you had originally planned for? You cannot protect data you have not inventoried, so record the data types, their locations, and the systems and people that access them.
Consider the risks
The risks to your data have not changed, but how you must address them has. In the past, many companies accepted a low level of protection because they assumed they were too small or too obscure to be a target. Today attackers are more sophisticated and more determined, and they are not after just any information; they target the data that will be most lucrative if they can get hold of it. Assess each data type against who might want it, how they could reach it, and what the loss would cost.
Install and maintain appropriate controls
Depending on your industry, you may need to implement a range of controls to meet compliance requirements. Review those controls periodically to confirm that they are still in place and still effective against the risks you identified, since systems, staff, and threats all change over time.
This is not just about protecting your information from hackers; it's also about the company culture of security awareness and protection that you need to develop throughout every part of your business, including employees, customers, partners, and vendors.
The last step in this checklist is to document everything you have done: the data inventory, the risk assessment, the controls chosen, and the results of each review. This record is what auditors will ask for, and it is what lets you show that the controls were actually operating.
Review the ISO 27001 checklist periodically to make sure your company is on track and that all of the necessary measures are in place.