Since its publication in October 2005, ISO 27001 has been implemented in many organisations as the best practice for information security management, with over three hundred UK organisations independently certified against the standard. So if these organisations, which range from small and medium to large enterprises, have implemented ISO 27001, why are we still hearing about lapses in information security? Neil O'Connor, principal consultant, Activity, asks what lessons there are to be learnt from every organisation, whatever its size, using ISO 27001 as a benchmark.
