July 12, 2022

The 3 Information Security Pillars according to ISO 27001:2013

Meet now the 3 Information Security Pillars and find out how ISO 27001:2013 may be differential in your own operations.

In today’s article, I’ll be introducing the topic of the 3 Information Security Pillars. After all, information security has been taking over the market’s room little by little. 27001 is an important ISO, of voluntary adoption and that might make a big difference to your company.

In any case, we have come to the conclusion that the 3 information security pillars available in ISO 27001 are extremely useful to any company and it is helpful for information treatment. They are the base fundaments of building a system that protects the own company and guarantees that, the clients as well, get the same protection they deserve.

The 3 information security pillars are Availability, Confidentiality and Integrity. Let’s take a look at each one of them.

Availability

This pillar is directly linked to the possibility of access to information.

According to the pillar, all information must always be at disposal, and on 2 different levels

Time – When the information is needed;
Locality – When it must be utilized.

In that way, a single document must not be unavailable to those who need it, regardless of the reason.

Obviously, there are rules involved in the information availability. And this principle is directly affected by our next concept, the Confidentiality pillar.

Confidentiality

The second one of the 3 information security pillars is Confidentiality. According to the pillar, access to information must only be granted to those who have the permission to access it.

In this way, even though the required information is available when and where it is necessary, it is mandatory that only those who have the authorization will access them.

Integrity

This might be the pillar that most causes doubts between management system professionals. However, we will see that it is not incomprehensible. Basically, we can say that the Integrity pillars is divided in 3:

We must avoid that any information deteriorates or loses the capability of being comprehensible. What that means is, as an example, that there mustn’t be any information stored physical documents “catching dust”. If the paper deteriorates, the information loses it’s integrity. In digital ways, we can mention the similar case of corrupted files or compromised bank data.

Furthermore, we must protect all data against type of UNINTENTIONAL alterations. When, for an example, updating a client’s registration, it is possible that the person who’s responsible for the update might get confused and updates the registration of the wrong client. In that case, it corresponds to an information integrity malfunction. It is also worth mentioning that even though it is incorrect, the information may still attend to the other pillars, in other words, it might still be available and be suitable for the confidentiality principles;

We must also guarantee that intentional alterations maintain the information correct and intact. Therefore, our management systems require gadgets that, makes sure that no dishonest modification is made (or detected), just as any possible incorrect modification, resulted from lack of training, for an example, is not committed. In short, the information’s “content” must be intact and trustworthy.

To summarize:

If we could sum up all of the 3 information security pillars in a single sentence, I would say that:

The information that we decide to control must be available when and where necessary (Availability), making sure that only those who have the authorization will be granted of access to the information (Confidentiality) and, last but not least, still ensuring that the information is trustworthy and can be utilized for it’s due purposes (Integrity).

The importance of Information Security

Without any doubts, we can all affirm that essential information is available in every single company and within each company’s sections. Therefore, managing information started to be a necessity of any interested parts as a whole.

And as if this was not enough, a truly efficient information management system can also provide useful data to the company, assisting the company to obtain competitive advantages and improving as a whole.

QMS Certification

QMS is an accredited third party certification body, it is currently present in 33 countries and focuses on the certification of management systems. QMS America is managed by the US office and has consistently grown in market recognition by technical level, customer satisfaction and competitive pricing.

Become an ISO Certification Auditor

Everything you need to know about becoming an ISO certification auditor (ISO 9001, 14001, 45001, and other standards) and achieving professional success!

How to Engage Employees in ISO Implementation

Learn how to engage employees in ISO implementation in 4 fundamental steps and achieve superior results.

Understand the Importance of Process Mapping

Understand why Process Mapping is crucial for your company’s performance and for the continuous improvement of your QMS. Read now!

3 Essential Indicators for an Effective Quality Management System

3 Essential Indicators for a Quality Management System

There are 3 indicators for a Quality Management System that are essential for any organization, regardless of the field of activity, check which ones they are and if they match what your company has today.

What are the changed requirements in ISO 27001:2022?

Discover the changed requirements in ISO 27001:2022 and make the transition to the standard in a much simpler and result-focused way!

Non-Conformity Management: Root Cause Analysis

In the world of quality management, one of the most crucial aspects is the effective management of non-conformities. Root cause analysis is an indispensable procedure in this context, providing a path to prevent their recurrence. Learn more!

Greenwashing and Social Washing

The terms “Greenwashing” and “Social Washing” are interconnected, as both involve deceptive practices adopted by companies aiming to give the impression that they are committed to environmental and social sustainability when, in reality, their actions are not as beneficial as they appear.

ISO and Climate Change: How Standards Can Save Our Planet

Every day, the evidence of climate change in the world becomes more apparent, a clear result of environmental challenges, and with that, the search for sustainable solutions has become essential. This is how ISO and Climate Change are related, understand.

Transition to ISO 27001:2022 – Information

Understand the main factors that led to the transition of ISO 27001:2022 and how to carry out the transition!