QMS Certification Blog

The 3 Information Security Pillars according to ISO 27001:2013

Meet the 3 Information Security Pillars and find out how ISO 27001:2013 can make a difference in your own operations.

In today’s article, I’ll be introducing the topic of the 3 Information Security Pillars. After all, information security has been gaining ground in the market little by little. ISO 27001 is an important standard, adopted voluntarily, that might make a big difference to your company.

In any case, we have come to the conclusion that the 3 information security pillars found in ISO 27001 are extremely useful to any company and help in the handling of information. They are the foundations for building a system that protects the company itself and guarantees that its clients, too, get the protection they deserve.

The 3 information security pillars are Availability, Confidentiality and Integrity. Let’s take a look at each one of them.

Availability

This pillar is directly linked to the possibility of accessing information.

According to this pillar, all information must always be at disposal, on 2 different levels:

  • Time – when the information is needed;
  • Locality – where it must be used.

In this way, a document must not be unavailable to those who need it, regardless of the reason.

Obviously, there are rules governing the availability of information, and this principle is directly affected by our next concept, the Confidentiality pillar.

Confidentiality

The second of the 3 information security pillars is Confidentiality. According to this pillar, access to information must only be granted to those who have permission to access it.

In this way, even though the required information is available when and where it is needed, only those who are authorised may access it.

Integrity

This might be the pillar that causes the most doubt among management system professionals. However, as we will see, it is not hard to grasp. Basically, the Integrity pillar can be divided into 3 parts:

  1. We must prevent any information from deteriorating or losing its legibility. This means, for example, that there must not be any information kept in physical documents “gathering dust”. If the paper deteriorates, the information loses its integrity. In the digital world, the equivalent cases are corrupted files or compromised bank data.

  2. Furthermore, we must protect all data against UNINTENTIONAL alterations. When updating a client’s record, for example, the person responsible for the update may get confused and update the wrong client’s record. That is an information integrity failure. It is also worth noting that even though the information is incorrect, it may still satisfy the other pillars: it may still be available and still comply with the confidentiality principles;

  3. We must also guarantee that intentional alterations keep the information correct and intact. Therefore, our management systems need mechanisms that make sure no dishonest modification is made (or, if made, that it is detected), and that no incorrect modification resulting from lack of training, for example, is committed. In short, the information’s “content” must be intact and trustworthy.
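
To make the Confidentiality and Integrity pillars concrete, here is an added Python example (it is not from the original article or from QMS): a small in-memory record store that checks an access list before returning a record (Confidentiality) and seals each record with an HMAC tag that binds the content to the client identifier, so that a corrupted file, an edit that bypassed the store, or the “wrong client” mix-up described above is detected on read (Integrity). The key, the client records and the user names are constructed sample values.

```python
import hashlib
import hmac
import json

# Constructed key for this example only; a real deployment would load it from
# a key management system rather than hard-coding it.
EXAMPLE_KEY = b"constructed-example-key"


def seal(key: bytes, record_id: str, record: dict) -> str:
    """Compute an HMAC-SHA256 tag over the record content AND its identifier.

    Binding the identifier into the tag means a valid tag for client A's
    record cannot vouch for the same content filed under client B's id
    (the "updated the wrong client" case).
    """
    payload = json.dumps({"id": record_id, "data": record}, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def verify(key: bytes, record_id: str, record: dict, tag: str) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(seal(key, record_id, record), tag)


class RecordStore:
    """Toy store: an access list per record (confidentiality) and a sealed
    tag per record (integrity). Availability is simply assumed here, since
    everything lives in memory."""

    def __init__(self, key: bytes = EXAMPLE_KEY):
        self._key = key
        self._records: dict[str, tuple[dict, str]] = {}  # id -> (content, tag)
        self._readers: dict[str, set[str]] = {}          # id -> users allowed to read

    def put(self, record_id: str, record: dict, readers: set[str]) -> None:
        # Seal at write time; any later change that bypasses put() is caught on read.
        self._records[record_id] = (record, seal(self._key, record_id, record))
        self._readers[record_id] = set(readers)

    def get(self, user: str, record_id: str) -> dict:
        # Confidentiality: only listed readers get the content.
        if user not in self._readers.get(record_id, set()):
            raise PermissionError(f"{user} is not authorised for {record_id}")
        record, tag = self._records[record_id]
        # Integrity: refuse to serve content whose tag no longer matches.
        if not verify(self._key, record_id, record, tag):
            raise ValueError(f"integrity check failed for {record_id}")
        return record

    def raw_storage(self) -> dict:
        """Hook used below to simulate changes made behind the store's back."""
        return self._records


def demo() -> dict:
    """Exercise the store and report what each scenario produced."""
    store = RecordStore()
    store.put("client-001", {"name": "Ana", "balance": 100}, readers={"alice"})
    store.put("client-002", {"name": "Bruno", "balance": 250}, readers={"bob"})
    results = {}

    # Authorised read succeeds.
    results["authorised_read"] = store.get("alice", "client-001")["name"]

    # Unauthorised read is refused (confidentiality).
    try:
        store.get("alice", "client-002")
        results["unauthorised_read"] = "allowed"
    except PermissionError:
        results["unauthorised_read"] = "denied"

    # Content changed without going through put(): corruption or a bypassed edit.
    raw = store.raw_storage()
    record, tag = raw["client-001"]
    raw["client-001"] = ({**record, "balance": 999}, tag)
    try:
        store.get("alice", "client-001")
        results["tampered_read"] = "accepted"
    except ValueError:
        results["tampered_read"] = "detected"

    # The wrong-client mix-up: client-002's sealed content filed under client-001.
    raw["client-001"] = raw["client-002"]
    try:
        store.get("alice", "client-001")
        results["swapped_read"] = "accepted"
    except ValueError:
        results["swapped_read"] = "detected"

    return results


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that the tag covers the identifier as well as the content: a tag that covered only the content would still validate after client-002’s sealed record was copied under client-001’s id. Availability is only assumed in this snippet; in practice it comes from backups, redundancy and recovery planning rather than from code of this kind.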


To summarize:

If we could sum up all of the 3 information security pillars in a single sentence, I would say that:

The information that we decide to control must be available when and where necessary (Availability), making sure that only those who have the authorisation will be granted access to it (Confidentiality) and, last but not least, ensuring that the information is trustworthy and can be used for its intended purposes (Integrity).


The importance of Information Security

Without a doubt, we can all affirm that essential information exists in every single company and in each of its departments. Therefore, managing information has become a necessity for all interested parties as a whole.

And as if that were not enough, a truly efficient information management system can also provide useful data to the company, helping it gain competitive advantages and improve as a whole.

QMS Certification

QMS is an accredited third-party certification body, currently present in 33 countries, focused on the certification of management systems. QMS America is managed by the US office and has consistently grown in market recognition for its technical level, customer satisfaction and competitive pricing.
