Information security, as defined by the newly revised version of the international standard ISO27001 launched in October 2013, goes beyond the obvious IT security focus that most people imagine. It covers information security policy, management of information security, people security, information asset management, information access control, cryptography, physical & environmental security, IT operations security, communications security, system acquisition, development & maintenance, supplier relationships, information security incident management, information security aspects of business continuity management, and compliance with relevant laws, regulations, contracts and policies. ISO27001 is also a route to becoming compliant with the General Data Protection Regulation (GDPR), being enforced by the ICO in May 2018. We can offer consultancy on all aspects of Data Protection and Cyber Essentials.
Applying information security principles and controls is how we do this!
The key benefits of ISO27001 are:
• It can act as the extension of the current quality system to include security
• It provides an opportunity to identify and manage risks to key information and systems assets
• It provides confidence and assurance to trading partners and customers; acts as a sales tool
• It allows an independent review and assurance to you on information security practices, protecting your business!
ISO27001 requires that management:
• Continuously examine the company's information security risks, taking account of possible threats, vulnerabilities within the system and what the possible impacts are
• Design and implement a coherent and comprehensive manual of information security controls and/or other forms of risk preventative actions (such as risk avoidance or risk transfer)
• Adopt a management process to ensure that the information security controls continue to meet the company's information security needs on an ongoing basis
How we can help:
• We can help you review your current information security controls against the expectations of ISO 27001, providing you with a gap analysis and a clear roadmap to take you through to the formal certification audit, if that is your aim
• Depending on your needs, time pressures and budgets, we can also provide the resource and expertise to complete the essential information security management system (ISMS) implementation work to help expedite the process and ensure it is performed to the high standards you would expect
For more information, please call 03330 433 533.