Does your company have an adequate Information Security Plan?

If the answer is NO — you need one, now.

If the answer is YES, how do you communicate that fact quickly & easily to clients?

ISO 27001 Certification Can Help
No matter the state of your information security infrastructure

How ISO 27001 Can Bolster Your Company’s Information Security & Meet Client Demands:
CASRO has embraced the ISO 27001/27002 standards as a recommended option for research companies to use as a framework to develop an information security management system to protect the valuable information we collect. The New York Stock Exchange came to the same conclusion as noted in its recently published Guide to Cybersecurity: “ISO/IEC 27001… is a comprehensive standard and a good choice for any size of organization because it is respected globally and is the one most commonly mapped against other standards.”

Securing the data that research companies collect, store and transmit is not solely a technology issue. Effective data security requires a comprehensive plan that includes educating your people and formulating processes to avoid mishandling or unauthorized access. One approach is to employ the ISO 27001 standard framework as an information security solution.

Is your company bombarded with lengthy data security/data protection questionnaires from current and potential clients? Are you uncertain how to answer these inquiries completely and correctly? Failure to respond to such requests, or doing so insufficiently or inaccurately, can lead to lost business and/or risk exposure for your company.

ISO 27001 implementation and certification can provide your company with an information security framework that can help you win business and educate your staff on key measures for protecting your valuable data.

Even if you don’t pursue certification, this globally recognized standard can guide you in identifying your company’s information flow and vulnerabilities and provide you with best practices for implementing and managing an Information Security Management System.

Access Free Informational Webinar
Get the information you need to improve your company’s Information Security Management System and see if ISO 27001 certification is the right path for your firm.

Register for 27K Foundation Course
CASRO's special 2-Day program — tailored specifically to Market Research firms — will fully explain the components of this standard, how it can provide a framework for your specific information security needs and detail what controls can be put in place to protect your valuable data.

ISO 27000 Overview and Vocabulary:
Free Download
Information technology - Security techniques - Information security management systems

Information Security:
10 Steps to Manage Supplier Risk

What Is ISO 27001?

ISO 27001 provides a framework for companies to manage their data security. It establishes requirements for information controls to manage people, processes and technology and protect valuable company data. Certification to this standard demonstrates to clients and potential clients that your company takes data security seriously.

Why is ISO 27001 relevant?

Umbrella framework to meet requirements of:

Federal – HIPAA, GLB, SOX
State – MA, CA Privacy laws
Industry – PCI DSS
Contractual – Your Clients

ISO/IEC 27001 & 27002 IT Security Techniques Package

Read Full Description of ISO 27001 and ISO 27002 (the controls applicable to ISO 27001)

ISO 27001

This International Standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The adoption of an information security management system is a strategic decision for an organization. The establishment and implementation of an organization’s information security management system is influenced by the organization’s needs and objectives, security requirements, the organizational processes used and the size and structure of the organization. All of these influencing factors are expected to change over time.

The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.

It is important that the information security management system is part of and integrated with the organization’s processes and overall management structure and that information security is considered in the design of processes, information systems, and controls. It is expected that an information security management system implementation will be scaled in accordance with the needs of the organization.

This International Standard can be used by internal and external parties to assess the organization’s ability to meet the organization’s own information security requirements.

The order in which requirements are presented in this International Standard does not reflect their importance or imply the order in which they are to be implemented. The list items are enumerated for reference purpose only.

ISO/IEC 27000 describes the overview and the vocabulary of information security management systems, referencing the information security management system family of standards (including ISO/IEC 27003[2], ISO/IEC 27004[3] and ISO/IEC 27005[4]), with related terms and definitions.

0.2 Compatibility with other management system standards

This International Standard applies the high-level structure, identical sub-clause titles, identical text, common terms, and core definitions defined in Annex SL of ISO/IEC Directives, Part 1, Consolidated ISO Supplement, and therefore maintains compatibility with other management system standards that have adopted the Annex SL. This common approach defined in the Annex SL will be useful for those organizations that choose to operate a single management system that meets the requirements of two or more management system standards.