ISO 27001 - Information Security Management System

ISO 27001 is an internationally recognised standard that offers a flexible approach to help establish best practice and raise awareness of the importance of information security within an organisation. It provides a tailored system framework; continually maintained & improved to keep up with new threats.

In an increasing technology-dependent business world, robust information security is vital to manage and minimise risks of exposure to cyber attacks and ensure that confidential client information is protected. Cyber attacks and data fraud/theft are listed in the top ten risks to companies in the World Economic Forum Global Risk Report 2018.


Organisations with ISO 27001 certification demonstrate that they have identified and assessed potential security risks to information and data they hold that may be confidential, and have taken steps to ensure those risks are mitigated.

Safeguarding information assets and personal data is both a basic business requirement and often a legal and regulatory obligation. The Information Commissioner's Office specifically mentions ISO 27001 certification as a consideration in establishing whether an organisation has taken ‘reasonable steps’ to protect personal data under GDPR. ISO 27001 certification is also regularly a requirement when tendering for public sector and large company projects.

Based on a plan-do-check-act cycle, the standard sets out a number of information security management requirements which organisations should incorporate into their existing management systems. Regular independent audits are conducted by a certification body for organisations to achieve and maintain their certification.

Who is the certification for?

ISO 27001 is relevant to organisations of all shapes and sizes, including the public, private and third sectors, across all industries. The management and security of corporate information is vital to every organisation. Although the nature or amount of data held by a computer software company may look very different from that held by a coffee shop, many of the basic principles are the same, and ISO 27001’s flexible framework allows organisations to take a structured approach to the management of data, security risks and the continual improvement of processes and procedures.


  • Helps manage security of data in physical and electronic forms.

  • Reduces cyber security risks.

  • Increases awareness of potential risks and threats and builds a culture of security.

  • Demonstrates credibility and trust, instilling confidence in customers and stakeholders and enhancing company reputation.

  • Increases competitive edge by meeting or exceeding contractual requirements.

  • Continually improves processes and procedures reducing costs and errors.

  • Achieves operational excellence, increasing productivity and profit.

  • Enhances customer satisfaction and improves client retention.

  • Achieves governance and business continuity requirements.

  • Supports regulatory and legal compliance.

We can also offer a gap analysis as part of a pre-certification audit check, to allow your team to develop an action plan to work towards certification. This is particularly helpful if you have other ISOs in place such as 14001 for Environmental Management.

Contact us for more information.


Centre for Assessment offers a wide range of training workshops to support your journey towards becoming ISO 27001 accredited.

For more information, please visit our training and events page.

  1. Complete an application form which includes some basic details about your organisation.

  2. CfA will send a formal no-obligation quotation based on the information provided, talking to you first to gather more information about your organisation and your requirements, if necessary.

  3. If you are happy to accept the quotation then it simply needs to be signed and returned to us.

  4. We will allocate a specialist, experienced auditor who will contact you directly to introduce themselves, discuss arrangements and book in dates.

  5. The audit will take place in two stages. Stage one is a review of documents related to your management system. Stage two involves discussions with key people within your organisation.

  6. Once the initial audit has taken place and any findings addressed, a three-year certificate will be issued.

  7. Annual audits, arranged directly with your auditor, are required in order to maintain certification.

ISO management systems standards follow the “Annex SL” format, which means that different standards can be integrated and audited at the same time. This reduces the overall audit duration and therefore the cost.

  • Personalised service from the Centre for Assessment sales and operations team.

  • Bespoke in-house training and workshops are available, such as internal auditor training.

  • Open training courses can be booked online.

  • A Gap Analysis is an optional service which allows one of our expert assessors to enter your organisation prior to the formal assessment to identify any gaps in your management system. This can be a valuable and important part of planning for achieving certification.