ISO 27001 is an internationally recognised standard that offers a flexible approach to establishing information security best practice and raising awareness of its importance within an organisation. It provides a framework for an information security management system (ISMS) that is tailored to the organisation and continually maintained and improved to keep pace with new threats.
In an increasingly technology-dependent business world, robust information security is vital to manage and minimise the risk of cyber attacks and to ensure that confidential client information is protected. Cyber attacks and data fraud/theft are listed among the top ten risks to companies in the World Economic Forum Global Risks Report 2018.
Organisations with ISO 27001 certification demonstrate that they have identified and assessed the security risks to the information and data they hold, including confidential information, and have taken steps to mitigate those risks.
Safeguarding information assets and personal data is both a basic business requirement and, often, a legal and regulatory obligation. The Information Commissioner's Office (ICO) specifically mentions ISO 27001 certification as a consideration in establishing whether an organisation has taken 'reasonable steps' to protect personal data under the GDPR. ISO 27001 certification is also frequently a requirement when tendering for public sector and large company projects.
Based on a plan-do-check-act cycle, the standard sets out a number of information security management requirements which organisations should incorporate into their existing management systems. To achieve and maintain certification, organisations undergo regular independent audits conducted by a certification body.
Who is the certification for?
ISO 27001 is relevant to organisations of all shapes and sizes, including the public, private and third sectors, across all industries. The management and security of corporate information is vital to every organisation. Although the nature and amount of data may look very different in a computer software company and a coffee shop, many of the basic principles are the same, and ISO 27001's flexible framework allows organisations to take a structured approach to managing data, addressing security risks and continually improving their processes and procedures.
We can also offer a gap analysis as part of a pre-certification audit check, allowing your team to develop an action plan to work towards certification. This is particularly helpful if you already have other ISO management system standards in place, such as ISO 14001 for Environmental Management.
Contact us for more information.
Centre for Assessment offers a wide range of training workshops to support your journey towards becoming ISO 27001 certified.
For more information, please visit our training and events page.
ISO management system standards follow the "Annex SL" high-level structure, which means that different standards can be integrated into a single management system and audited at the same time. This reduces the overall audit duration and therefore the cost.