ISO/IEC 27001:2013

Information & Data Security

ISO 27001 is the internationally recognised standard offering a comprehensive set of controls. Including best practice in information security, for a company to manage it's information security. The basic components of the standard are confidentiality, integrity and availability and these are applied to ten defined categories within an organisation. It is based on ISO 9001 and offers an auditable management system to reduce the risks to the organisations information assets. It also offers both clients and suppliers the confidence to trust an organisation with the safe keeping of their information. Increasingly organisations want to know how safe suppliers of IT systems are, as more companies now see certification to ISO/IEC 27001 as a prerequisite for doing business.

What are the benefits to me and my organisation?

Attaining the standard makes a public statement of your capability, without revealing security processes or opening systems to second party audits.

How can it help me to gain business?

• Powerful demonstration of an organisations commitment in managing

• information security

• ISO 27001 has been recommended by the UK Data Protection Commissioner

• as one way in which organisations can demonstrate they

• meet the requirements of the standard.

• ISO 27001 demonstrates the independent assurance of your

• internal controls and meets corporate governance and business continuity.

• Independently demonstrates applicable laws and regulations are observed

• Provides a competitive edge by meeting contractual requirements

• demonstrating to clients the security of their information is paramount

What are the internal benefits for my business?

• It will help to make staff aware of their individual duties in protecting

• the organisations sensitive data

• Organisations can use the standard to provide relevant

• information about information security to customers

• ISO 27001 verifies that your organisational risks are properly identified

• , assessed and managed, while formalising information security processes,

• procedures and documentation

• Demonstrated management’s commitment to the security of its information

• The regular assessment helps you to continually monitor your performance.

The standard ensures controls are in place to reduce the risk of security threats and to avoid system weaknesses being exploited. It will also help an organisation to develop a business continuity plan that will minimize imp