QMS Certification Blog

The 3 Information Security Pillars according to ISO 27001:2013

Meet now the 3 Information Security Pillars and find out how ISO 27001:2013 may be differential in your own operations.

 In today’s article, I’ll be introducing the topic of the 3 Information Security Pillars. After all, information security has been taking over the market’s room little by little. 27001 is an important ISO, of voluntary adoption and that  might make a big difference to your company.

In any case, we have come to the conclusion that the 3 information security pillars available in ISO 27001 are extremely useful to any company and it is helpful for information treatment. They are the base fundaments of building a system that protects the own company and guarantees that, the clients as well, get the same protection they deserve.

The 3 information security pillars are Availability, Confidentiality and Integrity. Let’s take a look at each one of them.



This pillar is directly linked to the possibility of access to information.

According to the pillar, all information must always be at disposal, and on 2 different levels

  • Time – When the information is needed;
  • Locality – When it must be utilized.

In that way, a single document must not be unavailable to those who need it, regardless of the reason.

Obviously, there are rules involved in the information availability. And this principle is directly affected by our next concept, the Confidentiality pillar.



The second one of the 3 information security pillars is Confidentiality. According to the pillar, access to information must only be granted to those who have the permission to access it.

In this way, even though the required information is available when and where it is necessary, it is mandatory that only those who have the authorization will access them.



This might be the pillar that most causes doubts between management system professionals. However, we will see that it is not incomprehensible. Basically, we can say that the Integrity pillars is divided in 3:


  1. We must avoid that any information deteriorates or loses the capability of being comprehensible. What that means is, as an example, that there mustn’t be any information stored physical documents “catching dust”. If the paper deteriorates, the information loses it’s integrity. In digital ways, we can mention the similar case of corrupted files or compromised bank data.


  1. Furthermore, we must protect all data against type of UNINTENTIONAL alterations. When, for an example, updating a client’s registration, it is possible that the person who’s responsible for the update might get confused and updates the registration of the wrong client. In that case, it corresponds to an information integrity malfunction. It is also worth mentioning that even though it is incorrect, the information may still attend to the other pillars, in other words, it might still be available and be suitable for the confidentiality principles;


  1. We must also guarantee that intentional alterations maintain the information correct and intact. Therefore, our management systems require gadgets that, makes sure that no dishonest modification is made (or detected), just as any possible incorrect modification, resulted from lack of training, for an example, is not committed. In short, the information’s “content” must be intact and trustworthy.


To summarize:

If we could sum up all of the 3 information security pillars in a single sentence, I would say that:

The information that we decide to control must be available when and where necessary (Availability), making sure that only those who have the authorization will be granted of access to the information (Confidentiality) and, last but not least, still ensuring that the information is trustworthy and can be utilized for it’s due purposes (Integrity).


The importance of Information Security

Without any doubts, we can all affirm that essential information is available in every single company and within each company’s sections. Therefore, managing information started to be a necessity of any interested parts as a whole.

And as if this was not enough, a truly efficient information management system can also provide useful data to the company, assisting the company to obtain competitive advantages and improving as a whole.

QMS Certification

QMS Certification

QMS is an accredited third party certification body, it is currently present in 33 countries and focuses on the certification of management systems. QMS America is managed by the US office and has consistently grown in market recognition by technical level, customer satisfaction and competitive pricing.

Join the newsletter!

Subscribe to get latest content by email.

Non-Conformity Management Root Cause Analysis

Non-Conformity Management: Root Cause Analysis

In the world of quality management, one of the most crucial aspects is the effective management of non-conformities. Root cause analysis is an indispensable procedure in this context, providing a path to prevent their recurrence. Learn more!

Greenwashing and Social Washing Understand What They Are and Their Relationship

Greenwashing and Social Washing

The terms “Greenwashing” and “Social Washing” are interconnected, as both involve deceptive practices adopted by companies aiming to give the impression that they are committed to environmental and social sustainability when, in reality, their actions are not as beneficial as they appear.

Whistleblowing in Compliance Programs

Whistleblowing in Compliance Programs

The so-called “Whistleblowers” are aimed at promoting transparency, and their disclosures often have significant implications for the organization, helping to expose unethical, illegal, or harmful practices.

Scroll to Top