ISO 27001 - Information Security Management
Protect your data and reassure your customers
Information Security Management System

Your organisation probably has policies in place for keeping information safe and ensuring you comply with legislation.  ISO 27001 will bring your policies together into a single, structured system, helping you mitigate the risks associated with data breaches and mismanagement.

 

As the internationally-recognised Information Security Management System, ISO 27001 will reassure you and your stakeholders that you are committed to protecting every form of data.

 

We can help your organisation achieve ISO 27001 through a compliance audit, ensuring the information you hold is safe, secure and properly managed.

What is ISO 27001?

Safeguarding information assets and personal data makes sound business sense but is also a legal and regulatory obligation. The Information Commissioner's Office specifically mentions ISO 27001 certification as a consideration in establishing whether an organisation has taken ‘reasonable steps’ in protecting personal data under GDPR.

 

To gain ISO 27001 certification, your organisation will need to demonstrate that it has identified and assessed potential security risks to confidential information and data you hold. You also need to have taken steps to ensure these risks are mitigated and that security controls are fit-for-purpose within your context.

 

Is ISO 27001 right for you?

With increasingly sophisticated cyber-attacks and high-profile data leaks, it is no wonder that the number of organisations achieving certification to ISO 27001 is growing year on year.

 

An ISO 27001 audit is a must not only for businesses that are technology-rich or heavily reliant on digital data storage. It is also important if your organisation holds sensitive information in any other format.

 

Healthcare providers, educational establishments, local authorities, other public bodies, retailers and many others can use ISO 27001 to protect information. Compliance with the Standard is often a requirement to provide services in some sectors, making it extremely valuable for your organisation.

Why should you work with Centre for Assessment?

Centre for Assessment is a respected, client-focused and ethical UKAS-accredited certification body with years of experience auditing organisations like yours against the ISO 27001 Standard.

 

Our team of auditors undergo a rigorous recruitment and training process, ensuring that you are given an experienced, expert professional who understands the context and concerns of your organisation.

 

Choosing Centre for Assessment means you will also have a dedicated Assessment Project Co-ordinator who will help with any on-going enquiries you may have.

 

We take a flexible, customer-centric approach to our audit and certification services. Contact a member of our friendly, knowledgeable team to find out how we can help your organisation achieve ISO 27001.

 

How much does it cost?

Centre for Assessment believes that value is extremely important but also understands that cost is a key factor for organisations considering an ISO 27001 audit.  We pride ourselves on the quality of our certification services but are also keen to offer highly competitive prices for your business. 

 

A member of our Business Development team will be pleased to produce a bespoke ISO 27001 audit proposal for you, taking into account factors such as the number of employees and the complexity of your organisation.  Use the links on this page to make an enquiry or submit an application to receive a no-obligation quotation.

How can ISO 27001 benefit your organisation?

Many of the benefits of implementing an Information Security Management System are common sense.  Auditing your System to ensure it meets the requirements of the international framework – ISO 27001 – can have an extremely positive impact on your organisation.

An ISO 27001 audit with Centre for Assessment may help you to:

  • win more business;

  • develop trust and credibility;

  • improve the culture of security in your organisation;

  • review and improve the strength of your security measures;

  • give your customers reassurance that their data is safe;

  • reduce costs associated with information mismanagement;

  • comply with international legal obligations and regulations, including GDPR;

  • provide a competitive advantage for your company.

What other services can we offer you?

You may find the idea of an ISO 27001 audit daunting.  Centre for Assessment is committed to supporting you to ensure your audit is painless and successful, adding value to your organisation and helping you improve your business.

 

We can provide a gap analysis, internal auditor training and a range of additional, impartial support to help your preparations for audit.

 

You may also choose to have an integrated audit against multiple ISO Standards, saving costs and unnecessary disruption for your company.

Cyber Essentials Plus can further enhance your management of information security. This is a Government-backed scheme which can complement your ISO 27001 certification.

 


Certification Process

Initial thoughts: Firstly, you need to establish that ISO 27001 is the right fit for your organisation and, if so, what the scope of certification will be. Centre for Assessment will be happy to help you make these decisions. If you already hold another ISO certification, such as 9001, it may be possible to complete a combined audit if your Management Systems are sufficiently integrated.

Preparation: You may choose to hire a consultant to help you design and implement your Information Security Management System. Centre for Assessment does not offer a consultancy service but can provide you with a list of our independent associates who would be happy to work with you. You could opt to use Centre for Assessment to provide a pre-assessment service. Alternatively, you may choose to move forward without seeking external support – it’s up to you.

Apply: Submit an application form via our website.

Quotation: Your application will be reviewed by a member of our Business Development team, who may need to call you to request further information before providing you with a no-obligation audit proposal.

Accept: Review the proposal sent by Centre for Assessment and, if you are happy, sign and return the document to us.

Make arrangements: You will be allocated a specialist, experienced auditor who will contact you to introduce themselves, discuss arrangements and book dates for your audit.

Audit Stage One: The Stage One audit will involve a review of the documents relating to your Information Security Management System. Stage One also explores your readiness to move on to Stage Two.

Audit Stage Two: The Stage Two audit looks at the effectiveness of your Management System.


Verification: Once the two stages are complete and any findings addressed, your auditor will recommend that Centre for Assessment awards you with ISO 27001 certification.


Certification: Following a technical review by a decision-maker, you will be issued a certificate that is valid for three years. You can advertise the fact that you are certified to the Standard and use the ISO 27001 logo on your website and elsewhere.


Annual Audit: At 12 and 24 months following your initial audit, review visits will be completed to ensure you are still compliant with ISO 27001. These will be arranged directly with your auditor.

Certification Support

  • Personalised service from the Centre for Assessment sales and operations team.

  • Bespoke in-house training and workshops are available, such as internal auditor training.

  • Open training courses can be booked online.

  • A Gap Analysis is an optional service which allows one of our expert assessors to enter your organisation prior to the formal assessment to identify any gaps in your management system. This can be a valuable and important part of planning for achieving certification.