ADOPTION OF STANDARD FOR INFORMATION SECURITY ISO/IEC 27001 IN BOSNIA AND HERZEGOVINA

When it comes to security, no company in the world can be too cautious. Many companies own and use different systems for protection of data and information from intentional or non-intentional loss, unauthorized access, or abuse. However, the legal aspects of information security systems are well known in order for system to be internationally accepted and adopted. Because of this, the standard ISO/IEC 27001, which ensures positioning in relation to competition through marketing usage of this certificate, fulfills all requirements of the client for information security; reducing the risks associated with information relevant for the organization, reducing operating costs for the prevention of complaints and other incidents, and optimization of the process because the tasks in the organization are clearly defined and understood. ISO/IEC 27001 process of certification is carried out by a certification body that is accredited by schemes that are under the supervision of the IAF (International Accreditation Forum), as only these certificates are a guarantee of global standard acceptance. This study has examined the surveys of twenty (20) large companies, whose scope guarantees the suitability to this standard, and explored the way of implementation, and more importantly that the certification companies in Bosnia and Herzegovina offer this feature. In the end we compared the results of this study with the results from the region and the world.