What is ISO 27001?
ISO 27001 – Information Security Management
The ISO 27000 series of standards on security techniques for information technology provides a very flexible and effective framework to addressing information security. No one business is the same and requirements differ significantly between different organisations. ISO 27001 allows for specific tailoring of risks and the appropriate protection necessary.
Having an effective Information Security Management System (ISMS) in place and becoming certified to ISO 27001 has a vast array of benefits. It requires businesses to identify risks to their information and put in place security measures to manage or reduce those risks. ISO 27001 is also based on continual improvement and requires companies to regularly review the effectiveness of their ISMS and ensures they stay ahead of the curve for emerging information security risks.
The Information Security Management System Process
 |
 |
 |
|
 |
|
 |
| Starting
with ISO 27001
Learn about the international standard and what achieving ISO 27001 can do for your business |
|
Implementing
an ISO 27001 system
Our experienced, committed and dedicated team tailors a program to suit your individual needs |
|
Certification
to ISO 27001
Third party assessment to gain certification for your Information Security Management System |
|
Maintaining
an ISO 27001 system
3m group service is available to maintain your system to ensure compliance and continual improvement |
Management System Documentation
Why implement an Information Security Management System?
- Ensures companies cover their legal and regulatory requirements for information security
- Company operations have never been more IT system dependent
- Commercially sensitive information has never been more at risk
- Information and processes are increasingly entered in the cloud
- Location-specific risks have been reduced for many types of operations
- 3rd party certification may reduce any need for 2nd party audits
- Gain stakeholder and customer trust that their data is protected
- Expand potential tendering opportunities by demonstrating a high level of information security through 3rd party certification
- ISO 27001 Information Security helps companies prioritise actions most appropriate to their business, today, and as risk profiles.
How we can help
- Review your current information security arrangements and ensure your business has addressed the basic requirements of an ISMS
- Develop a Management Manual in your own terminology to reflect how your business addresses the requirements of ISO 27001, including the relevant roles and responsibilities required
- We then ensure the risk assessment methodology effectively includes information security criteria
- We then assist with the development of a Statement of Applicability to record the controls (security measures) from ISO 27001 Annex A (also in ISO 27002) that has been or will be implemented, including a justification for their inclusion/exclusion
- We train all relevant employees in the resultant ISMS
- We ensure all compliance obligations are identified and regularly monitored
- We train your Internal Audit Team and conduct the first internal audit
- We participate in the first management review meeting
- Finally, we fully prepare you for 3rd party certification.
|
