ISO 27001

Work towards certification or be audited against ISO 27001


What is ISO 27001?

ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.

ISO 27001 was developed to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.

ISO 27001 uses a top-down, risk-based approach and is technology-neutral. The specification defines a six-part planning process:

  • Define a security policy.
  • Define the scope of the ISMS.
  • Conduct a risk assessment.
  • Manage identified risks.
  • Select control objectives and controls to be implemented.
  • Prepare a statement of applicability.

The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organisation.

ISO 27002 contains 12 main sections:

  1. Risk assessment
  2. Security policy
  3. Organization of information security
  4. Asset management
  5. Human resources security
  6. Physical and environmental security
  7. Communications and operations management
  8. Access control
  9. Information systems acquisition, development and maintenance
  10. Information security incident management
  11. Business continuity management
  12. Compliance

Organisations are required to apply controls appropriately in line with their specific risks. Third-party accredited certification is recommended for ISO 27001 conformance.


Why do companies choose to invest in ISO 27001?

Improved customer acquisition and retention

Customers can be sure their data and information are safe, and will therefore come to you, and return to you, as a trusted organisation. Compliance shows you put your customers at the forefront of what you do by constantly working to protect their information and rights.

Far less likely to be hacked

By having security controls and procedures in place to constantly ensure your information is safe, your risk of getting hacked is greatly reduced.

Laws and regulations will be observed and followed in your organisation

ISO 27001 complies with the Data Protection Act, which is strictly enforced and carries high penalties. This will reduce your risk of facing penalty fines.

You will win tenders

Having the ISO 27001 accreditation will greatly help your organisation when tendering for business as many businesses and organisations will strictly only work with companies who are ISO 27001 compliant.

Reduced risk of security incidents

Both from outsiders and from staff inside the organisation.

Efficiency will be improved

With all your work kept secure and filed in an orderly way, you will spend less time trying to obtain relevant information from your databases and systems.

Reduce insurance premiums

With your information kept securely under ISO 27001, your insurance outlays will certainly be reduced.

International standard

International businesses will understand and appreciate your efforts towards accreditation. They will also recognise that there is a greater chance of your organisation being able to deliver work securely over many channels internationally.

Complements many other quality standards

ISO 27001 aligns with many other standards, including ISO 9001, ISO 14001 and OHSAS 18001.

How can we help you implement ISO 27001?

  • Our implementation system and methodology are proven and straightforward.
  • We will implement an information security management system (ISMS) that is tailored to suit your business, is cost-effective and meets ISO 27001 requirements.
  • We will transfer vital knowledge and skills to your employees, enabling you to continue meeting compliance targets after the initial implementation period.
  • We will provide a wide range of comprehensive and integrated ISO 27001 resources, including experienced consultants, risk management expertise, technical information security expertise and training.
  • We are able to integrate your ISO 27001 information security framework with COBIT, the PCI DSS and other management frameworks, as well as with other regulatory compliance obligations.
  • Optional in-house training, led by our security experts, helps you to make rapid progress and develop the skills to run your ISMS.

What you get

We will help you to achieve ISO 27001 certification as quickly and cost-effectively as possible. Our extensive experience covers the whole ISO 27001 implementation process from its initial phase right up to certification: from securing management support to scoping, planning, communication, risk assessment, control selection, documentation and testing, and on to the external audit by your chosen certification body, which leads to certification.

  • Setting up the project
    • Management framework
    • Context
    • Project leadership
    • Resources
    • Interested parties
    • Management system risk assessment
  • Risk assessment and treatment
    • Risk acceptance criteria
    • Legal, regulatory and contractual requirements
    • Assessment methodology and approach
    • The risk treatment plan
    • The Statement of Applicability
    • The residual risk report
  • Selection of controls
    • Review and recommendations
  • Competence and documentation
    • Competence framework
    • Communication plans
    • Staff awareness and training
    • Document management process
  • Performance evaluation
    • Internal audit
    • Management review
    • Improvement
    • Preparation for certification
    • Review of certification readiness
    • Coaching of individuals likely to be involved in the audits
    • Help with selecting and appointing an accredited certification body

Who will benefit from this consultancy service?

The implementation service is suitable for organisations that do not have the internal resources or expertise necessary to implement an ISMS themselves, or for companies that can see the cost benefits of outsourcing this work to recognised security experts. This service is available to any organisation, from any industry, globally.