ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).ISO/IEC 27001 is leading international standard for “The Information technology – Security techniques -Information security management systems -Requirements” published by the international Organization for Standardization. Last version is 2005, in past 8 years , the global information technologies change very fast , the policy and standard have to change accordingly.

After 8 years the 2005 reversion was replaced by ISO/IEC 27001:2013 reversion.

• Protect Document Security
• Protect Cloud Security
• Protect Customer Data and Privacy
• Protect Company Digital Property
• Get more Business Opportunity from customers
• Quality Assurance
• Prevent Data Leak

New Controls:

A.6.1.5 Information security in project management

A.12.6.2 Restrictions on software installation

A.14.2.1 Secure development policy

A.14.2.5 Secure system engineering principles

A.14.2.6 Secure development environment

A.14.2.8 System security testing

A.15.1.1 Information security policy for supplier relationships

A.15.1.3 Information and communication technology supply chain

A.16.1.4 Assessment of and decision on information security events

A.16.1.5 Response to information security incidents

A.17.2.1 Availability of information processing facilities

Controls Detail

A.5: Information security policies (2 controls)

A.6: Organization of information security (7 controls)

A.7: Human resource security – 6 controls that are applied before, during, or after employment

A.8: Asset management (10 controls)

A.9: Access control (14 controls)

” A.10: Cryptography (2 controls) “

A.11: Physical and environmental security (15 controls)

A.12: Operations security (14 controls)

A.13: Communications security (7 controls)

A.14: System acquisition, development and maintenance (13 controls)

A.15: Supplier relationships (5 controls)

A.16: Information security incident management (7 controls)

A.17: Information security aspects of business continuity management (4 controls)

A.18: Compliance; with internal requirements, such as policies, and with external requirements, such as laws (8 controls)

All organizations and companies who got ISO/ IEC 27001: 2005 version certification required to convert the current system to ISO/IEC 27001:2013 version before September, 2015.

New ISO / IEC 27001:2013 version is released officially in October, 2013.
It publishes new regulations and pay more attention on “ information safety control “. Particular in controls ” A10 ” – Cryptography & ” A15 ” – supplier relationship.

” A10 ” : to ensure proper and effective use of cryptography to protect the confidentiality, authenticity and / or integrity of information
” A15 ” : Users shall be deterred from using information processing facilities for unauthorized purposes.

Flipscloud assists companies to achieve the requirements of ” information safety control ” from ISO/ IEC 27001: 2013 by 4 main functions which track the users path of the data, assign the access right for each file and build strong defense ” AES-256 ” encryption for files in public space.

1. Encryption
2. Watermark
3. Cryptography
4. Key Management

The data leak and cyber security will impact all business and personal field. People talk many about “Big Data” advantages, but it is also equal to “Big Data” risks , the encryption is key for reducing information leak risks. As research, many reports of research companies indicate the whole market-size of software and hardware encryption will be over 200 billion dollars in 2017.