ISO 27000

ISO 27001 specifies the management of Information Security. Applicable to all sectors of industry and commerce, it is not confined just to information held on electronic systems, but addresses the security of information in whatever form it is held. ISO 27001 is one of the standards in the ISO 27000 family.

Benefits of ISO 27001 Certification:

• Gaining certification from a UKAS accredited certification body (such as ISOQAR) demonstrates that the security of your information has been addressed, implemented and properly controlled. But the benefits don’t stop there:
• Customers, employees, trading partners and stakeholders are comforted in the knowledge that your management information and systems are secure.
• Demonstrates credibility and trust.
• Cost savings – even a single information security breach can involve significant expense.
• Establishes that relevant laws and regulations are being adhered to.
• Shows that a commitment to Information Security exists at all levels throughout an organisation.
• Information security can be characterised as the preservation of:
• Confidentiality – ensuring that access to information is appropriately authorised
• Integrity – safeguarding the accuracy and completeness of information and processing methods
• Availability – ensuring that authorised users have access to information when they need it
• ISO 27001 contains a number of control objectives and controls. These include:
• Security policy
• Organisational security
• Asset classification and control
• Personnel security
• Physical and environmental security
• Communications and operations management
• Access control
• System development and maintenance
• Business continuity management
• Compliance