23rd January 2017
ISO 27001 is a model for information security management systems (ISMS). It is an information security registration scheme under which a company's information security procedures and processes are assessed against an information security management standard. This standard has been agreed in this country, in the European Union and internationally.
ISO 27001 is the working standard and it contains 7 main sections.
Put very simply, ISO 27001 is a declaration of an organisation's ability to demonstrate its capability to consistently protect information security and to satisfy its customers' information security needs.
Risk assessments must be carried out on important parts of the organisation; risks evaluated and a risk treatment plan established to mitigate the risk. Where medium risks cannot be reduced then it is permitted to accept the risk based on certain criteria.
Risk assessments have been carried out on each asset.
The methodology used identifies the Asset Value:
Following the risk assessment the results are reviewed at an ISMS Forum meeting.
Scores are either confirmed or adjusted as necessary.
Items which are seen as high risk are addressed with the highest priority.
Risk assessments are revisited and actions taken as necessary. Issues which are identified in the interim as high risk will be addressed immediately if, in the opinion of management, delay would be detrimental to the company.
The Statement of Applicability (S.O.A) is a document that is available to the public and is attached to the Certificate of Compliance issued by the Certification Body. It details all the elements of the standard that are applicable, and those which are excluded, with a justification for each exclusion.
Annex A of ISO 27001 contains all the controls that may apply to an implementation of the standard.
Clearly not all organisations will apply all elements of the Standard and this document details which are used.
The S.O.A is version controlled and any change must be notified to the Certification Body.
© 2020 Quality Matters Ltd. All rights reserved.