Report on Tesco and Information Assurance: Achieving ISO 27001

Added on 2023/06/15

Information Assurance Part-c
Contents
INTRODUCTION
MAIN BODY
Action required for an organization to remain compliant
The process of accreditation
REFERENCES
INTRODUCTION
Security standards can be defined as a set of rules for products or processes that provides consistency, accountability and efficiency (Calder, 2017). It is important for business firms to apply security standards based on compliance and best practice so that they can make objective decisions about the implementation of security devices. This report looks at a particular security standard and identifies the primary actions a business firm needs to take in order to remain compliant with it. The business selected for this report is Tesco, a UK-based retail corporation which was established in 1919 and currently employs 423,092 people. The security standard which is the focus of this report is ISO 27001, the cyber security standard. It is important for business firms to maintain a high security standard, as it helps the company ensure the digital safety of sensitive company data. This report also covers the accreditation process for this security standard.
MAIN BODY
Action required for an organization to remain compliant
ISO 27001 is an international security standard for managing the information security of business firms. The standard was published in the year 2005 by the International Organization for Standardization and the International Electrotechnical Commission. The standard was then revised in the year 2005 in line with changes in the legislation associated with information management and the increasing digitalization of the corporate world. This international standard for information security management is important for multinational corporations because cyber security is a key aspect of maintaining the overall security of the company (Tatiara et al., 2018). Compliance with this standard helps Tesco maintain a high level of cyber security and manage its information security areas effectively. This enables the company to protect its data and digital processes from cyber threats such as data leakage and ransomware.
This security standard provides details for establishing, implementing and maintaining an information security management system, with a continuous focus on improving the system. The aim of managing an information security management system is to help business firms make the information assets held by the company more secure. Through compliance with ISO 27001, Tesco is able to make its cyber security controls more organized and joined up, so that it can implement solutions which are specific to particular situations and address the different elements of information technology or data security. The actions which support Tesco's compliance with ISO 27001 are provided below:
The first requirement is to systematically examine the information security risks of the company, taking into account threats, vulnerabilities and impacts. In order to comply with this requirement of the ISO 27001 security standard (Aedah and Hoga, 2020), Tesco needs to analyze the information security risks faced by the company and understand the weak areas of its digital systems which expose the company to such risks and threats. This can be completed by conducting a risk register analysis, which can help the company understand the level of risk associated with its information systems. This step is an important part of complying with the ISO 27001 security standard because it enables Tesco to understand the strengths and weaknesses of its information systems and to look at the quality of the cyber security present at the company.
The next step focuses on designing and implementing a coherent and comprehensive set of information security controls and other forms of risk mitigation for the high-priority risks identified in the previous step. In this step Tesco needs to ensure that appropriate risk management strategies are used by the company for handling risks related to information management and cyber security. The four risk management strategies which Tesco can use in this step to build a coherent set of security controls for the identified risks are risk acceptance, risk transference, risk avoidance and risk reduction.
Risk transference can be adopted by Tesco by purchasing cyber security insurance. The company can also adopt policies which help reduce its exposure to cyber security threats. Risk reduction can be implemented by Tesco to design coherent and comprehensive information security controls (Akinyemi, Schatz and Bashroush, 2020). This can be achieved by identifying vulnerabilities in the cyber security of its information systems and taking steps to improve those systems and eliminate such vulnerabilities from the company. In this way Tesco will be able to comply with the ISO 27001 security standard and ensure effective management of its information systems with maximum security.
The final action which Tesco needs to take in order to complete compliance with the ISO 27001 security standard is to develop an overarching management process which ensures that the information security controls continue to meet the information security requirements of the company on a regular basis. In order to follow this final step, a management procedure needs to be developed by the company, created by skilled members of the IT department (Pattanavichai, 2018). This will help the company implement the management procedure in each outlet and ensure that the security standard is followed effectively and continues to provide the desired results for the company.
Following these actions will assist Tesco in complying with the ISO 27001 security standard and lead to an improvement of the information management system at the company. This is an important security standard for Tesco because the company has recently shifted towards a digital-first business. This is because online retail sales are increasing and a strong online presence helps the firm gain competitive advantage. This means that complying with the ISO 27001 security standard helps the firm gain competitive advantage by increasing the digital protection of the firm. After gaining certification for compliance with ISO 27001, Tesco will be able to operate a certified information security management system. This is beneficial for the company, as Tesco will be able to assure clients and investors that the digital and information systems of the company are well protected and that consumers can safely share their data with the company. This is advantageous for ensuring the success of Tesco's digital business and maintaining competitive advantage. In this way, on-going compliance with the ISO 27001 security standard will support Tesco in achieving success and maintaining competitive advantage.
The process of accreditation
Accreditation is defined as the process of giving authority or approval. This is also referred to as the process of certification (Kenyon, 2019). It involves a formal, independent verification that a program or an institution is able to gain after establishing specific standards and putting in place the components essential to complete specific assessment tasks. Accreditation plays an important role in ensuring compliance with security standards because it helps the company gain assurance from a third party about the maintenance of the security standard. It is important for Tesco to gain accreditation for the ISO 27001 security standard because it will help the company ensure that the security standards related to the creation of an effective information security management system are put in place, so that it continues to gain the desired results from the security standard. In the context of Tesco, accreditation for the ISO 27001 security standard can be gained from the International Standardization Organization. This helps business firms implement the standard in order to gain the advantages of the best practice it contains. Apart from this, through accreditation from the International Standardization Organization, Tesco will be able to reassure consumers that the recommendations provided in the security standard have been followed accurately.
In addition to this, certification for the ISO 27001 security standard can also be gained from an accredited registrar anywhere in the globe. This is also referred to as an accredited certification body (Lachaud, 2019). Such an organization is accredited by a globally recognized accreditation body for its competence to audit and issue certification confirming that the company meets the requirements of a standard. The International Accreditation Forum is another organization which offers accreditation in the case of the ISO 27001 security standard. Tesco needs to gain certification from the International Accreditation Forum to complete certification for the ISO 27001 security standard successfully.
CONCLUSION
From the above report it can be concluded that it is important for business firms to follow security standards in order to enhance the security and management processes of the company. ISO 27001 is an important security standard which helps the company enhance its information security management system and its cyber security. In the current digital age it is important to develop an advanced information security management system to maintain protection from cyber security threats and vulnerabilities. In addition to this, it is also necessary for business firms to gain accreditation from suitable organizations for the security standard. This is because it provides reassurance to clients and ensures that inspection bodies have been assessed against recognized standards to showcase their competence and impartiality. The primary accreditation organizations which can be used to gain certification for the ISO 27001 security standard are the International Accreditation Forum and the International Standardization Organization.
REFERENCES
Books and Journals
Calder, A., 2017. Nine steps to success: An ISO 27001 implementation overview. IT Governance Ltd.
Aedah, A. R. and Hoga, S., 2020. Maturity Framework Analysis ISO 27001:2013 on Indonesian Higher Education. International Journal of Engineering & Technology, 9(2), pp.429-436.
Akinyemi, I., Schatz, D. and Bashroush, R., 2020. SWOT analysis of information security management system ISO 27001. International Journal of Services Operations and Informatics, 10(4), pp.305-329.
Pattanavichai, S., 2018. Design Network Model for Information Security Management Standard depend on ISO 27001. GSTF Journal on Computing, 5(4).
Kenyon, B., 2019. ISO 27001 controls: A guide to implementing and auditing. IT Governance Ltd.
Lachaud, E., 2019. Adhering to GDPR codes of conduct: A possible option for SMEs to GDPR certification. Journal of Data Protection & Privacy, 3(1), pp.48-68.
Tatiara et al., 2018, March. Analysis of factors that inhibiting implementation of Information Security Management System (ISMS) based on ISO 27001. In Journal of Physics: Conference Series (Vol. 978, No. 1, p. 012039). IOP Publishing.