ISO 27001 certification was developed as a similar approach to ISO 9001 certification, but to cover the management of Information Security risks and resources. ISO 27001 is the Information Security Management Standard. Its requirements are based on Best Practice to assist in managing your Information assets and associated risks.
With worldwide competitive pressure, organisations are trying to reduce costs, speed up the supply chain and improve service. This has encouraged the creation of partnerships and the reduction of duplicate costs within a supply chain. Examples of such duplicate costs include re-entering order details and goods-in sampling and inspection.
One way to achieve these savings has been the sharing of commercially sensitive information. However, there is concern about the security of such information once it is passed to other organisations in the supply chain.
To answer this concern, as well as other security issues since "9/11", ISO 27001 was developed to provide externally assessed checks of data security. Please note that ISO 27001 does not just cover the security of electronic data and therefore should not be considered a concern only for IT or computer specialists.
The Standard is not just about guarding & protecting Information. Instead it is about understanding the risks and information requirements of the business. The sometimes conflicting requirements of “Availability”, “Confidentiality” and “Integrity” need to be assessed and suitable processes, training and controls implemented.
The system is designed and documented to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
Note: Information Security is often viewed as primarily an IT Departmental responsibility. However, it is a business-wide requirement, though obviously there should be significant IT involvement.
ISO 27001 is relevant to any business that is serious about its Information assets. Where a requirement is not applicable, it can be considered as a justified exclusion.
When to start? – Now, and benefit sooner. Call or email us.
Any Organisation that is serious about Information Security. All requirements of this International Standard are generic and are intended to be applicable to all organisations, regardless of type, size and information. It covers your Information Security responsibilities.
The quick answer is contact us, but there are common steps
Three Format Options for documentation of the Information Security Manual, Procedures / Process Diagrams and Forms:
Contact us today for the first steps to ISO 27001 Certification
Invest in your future by improving your Business. We have options to suit your situation including
Call us: (0)1635 595123
Email us: firstname.lastname@example.org
For a free discussion or quote or for further information about this certification standard.