Review of ISO 9001:2015 and ISO 27001:2013 Implementation in Financial Institution – Case Study
In today’s technologically-driven world, protecting ICTs (Information and Communication Technologies) is of great importance. Due to the amount of personal data and the obligations of high transaction accuracy, financial institutions such as banks and insurance companies are even more sensitive to data protection. On the business side, ICT is fundamental for day-to-day operations, so investing in ICT is investing in business continuity, operating and resilience. Integration of ISO 27001:2013 and ISO 9001:2015 standards into an organization’s Information Security Management System (ISMS) and Quality Management System (QMS), respectively, further enhances the importance of protecting ICT. It is also important for organizations to implement these standards as a useful baseline for further compliances, such as for example GDPR (General Data Protection Regulation). These standards provide a framework for continually improving management systems in critical areas, which is just one more reason for implementation.