Today, in the 21st century, the different organizations, regardless of their nature, focus their efforts on staying and being successful in a global market characterized by strong competition; which, in order to be competitive, make considerable efforts in adopting various management approaches. Representing a key factor of success, having a technological infrastructure that facilitates continuous interaction with its context in an appropriate manner, facilitating the promotion, placement and/or provision of its products or services through said platform.
In this sense, management information systems play a preponderant role in facilitating the processes of: capturing, processing and disseminating information; both to the external and internal scope of the organization’s processes; thus allowing to effectively streamline the various control channels in business operations and activities. Facilitating the achievement of policies and objectives; as well as, the feedback of sensitive elements for organizational success. However, today it is imperative to integrate these systems with security, with international standards for this purpose such as the ISO 27001 standard.
Information and the systems on which they are supported are of fundamental strategic importance in the world of global business, hence the need to integrate them into a new element: security; which is related to a system of basic ideas linked to the protection of these modern procedures, providing a holistic view of the nature of the problem, the laws of its development and significant links with other branches of knowledge, formed and developed based on practical experience and definition of basic guidelines in the direction of improving information security.
To support the above, the ISO 27001 standard has been developed; which contemplates the minimum elements to consider in an Information Security Management System (ISMS), based on the fact that information, together with the processes and systems that make use of it, are very important assets of an organization.
Not considering the aforementioned aspects can have serious operational, financial and legal consequences, which can even lead to the bankruptcy of the company. The challenge that most businesses face is how to provide adequate protection, particularly how to ensure that the risks to which they are exposed have been identified and how to manage them in a proportionate, sustainable and effective manner. Beyond the way in which the information is stored or transmitted, the ISMS according to the ISO 27001 standard, are based on the guarantee and preservation of the confidential nature of the information, as well as its integrity and availability, including the systems related to its treatment.
The practical application of ISMS has been very extensive in the industrial sector; therefore, in companies that produce goods and services. In this last sector, the companies that are dedicated to inspection and non-destructive testing (END) stand out; which, They handle sensitive information in the execution of projects, corrective, preventive and routine maintenance to industrial facilities, which must be managed in an agile way by those who make decisions, with security principles that guarantee its confidentiality, integrity and availability.
The implementation of these systems, based on the ISO 27001 Standard in companies in the inspection sector, leads to the achievement of a series of important benefits, among which are: rapid access to information at all levels of the company, management approach proactive in which actions are anticipated when problems arise, generation of reports and indicators that facilitate management control, minimization of time wasted collecting information, communication improvements, the planning process is facilitated, guarantee of confidentiality of sensitive information handled not only to the client but to other relevant interested parties, among other benefits.
However, even when there is a shared vision by executives about the advantages of having this type of system, in practice there is widespread concern about their vulnerability to what is known as information security. information.
About the Author.
PhD. Juan J. Lugo Marin
Industrial Engineer with Specialization and Master’s Degree in Quality and Productivity Management. He is a Doctor in Administrative Sciences with Post Doctoral studies in Strategic Foresight and Futures Studies. He has extensive experience as a Consultant in Quality Management and Strategic Management in various countries in Latin America and the United States. He has successfully performed the academic role as a university teacher and researcher, being the author of specialized books that address issues related to quality management and digital economy.