ISO 27001 Information Security Management

It is generally accepted that information is the greatest asset any organisation has under its control. Managing Directors are aware that the supply of complete and accurate information is vital to the survival of their organisations.

Today more and more organisations are realising that information security is a critical business function. It is not just an IT function but covers:

  1. Governance;
  2. Risk Management;
  3. Physical Security;
  4. Business Continuity;
  5. Regulatory and Legislative Compliance.

With increasing reliance on data, it is clear that only organisations able to control and protect this data are going to meet the challenges of the 21st century.

ISO27001:2013, formerly BS7799, is the International Standard for Information Security Management Systems (ISMS) and provides a definitive reference for developing an information security strategy. ISO27002 is a code of practice and covers the following elements:

  • Information Security Policies
  • Organisation of Information Security
  • Human Resources Security
  • Asset Management
  • Access Control
  • Cryptography
  • Physical & Environmental Security
  • Operations Security
  • Communications Security
  • System Acquisition, Development and Maintenance
  • Supplier Relationships
  • Information Security Incident Management
  • Information Security Business Continuity Management
  • Compliance

Accreditation of Certification Bodies (CBs) in the UK is carried out by UKAS (the United Kingdom Accreditation Service); UKAS is the sole accreditor in the UK.

We can help you set up an Information Security Management System and get you ready for assessment.