ISO 27001 – Information Security Management Systems

  • What is ISO 27001?

    Built on three core principles – confidentiality, integrity and availability – this standard considers every aspect of risk to the information held by your organisation. It is designed to ensure that you can select adequate and proportionate security controls that protect your information assets and, most importantly, give your customers and other interested parties confidence that you can handle their information properly and treat it with respect.

    What are its benefits?

    • demonstrating the integrity of your data and systems and your commitment to information security
    • providing new business opportunities with those customers who have security at the front of their minds
    • allowing you to enforce information security and reduce the possible risk of information loss or fraud
    • enhancing the credibility of your organisation

  • How we can help you implement and maintain it

    We have experts in:

    • developing information security systems that are effectively integrated within your organisation and, if appropriate, with management systems based on other standards, e.g. ISO 22301
    • training staff and managers in ISO 27001 and internal auditing against the standard
    • security planning and security awareness training
    • supporting management teams through the ISO certification process – we only work with certification bodies approved by UKAS or, outside of the UK, members of the International Accreditation Forum (IAF)
    • conducting readiness reviews/gap analysis in preparation for certification audits