ISO 27001 – Information Security Management

ISO 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls. This can help you to protect your information assets and give confidence to any interested parties, particularly your customers. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving your ISMS. Who is it relevant to? ISO 27001 is suitable for any company, large or small, in any sector or part of the world. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors. ISO 27001 is also highly effective for companies which manage information on behalf of others, such as an IT outsourcing company. ISO 27001 can be used to assure customers that their information is being protected. Benefits? There are various benefits for implementing ISO 27001 these include:
  • Help minimise and manage security risk
  • Third party assessment verifies that the company’s risks are properly identified and assessed
  • Certification improves the company’s marketing potential by providing assurance to business partners
  • Certification demonstrates that relevant laws and regulations are being observed
  • Can provide a competitive advantage within the market place by meeting pre-tender requirements
The implementation process
  • Define an information security policy
  • Define scope of the information security management system
  • Perform a security risk assessment
  • Manage the identified risk
  • Select controls to be implemented and applied, prepare SoA (a “statement of applicability”)
  • Review management practices with a view to obtaining ISO 27001 certification
  • Carry out internal audits and management review
Contact us for more information.

ISO 9001

The standard provides a number of requirements which an organisation needs to fulfil if it is to achieve ISO9001 status for its operations and systems...

Read More

ISO 14001

The purpose of this standard is to help all kinds of organizations to protect the environment, to prevent pollution, and to improve their overall environmental performance...

Read More

ISO 27001

This can help you to protect your information assets and give confidence to any interested parties, particularly your customers...

Read More

ISO 45001

The system produces systematic control of your business activities to ensure that the products and services are controlled, monitored and measured...

Read More