ISO/IEC 27001:2006 Consultancy
What is ISO/IEC 27001?
Information is critical to the operation and perhaps even the survival of any organisation.
ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). An ISMS meeting the criteria of this standard will ensure the selection of adequate and proportionate security controls.
This helps protect information assets within the organisation and gives confidence to any interested parties, especially customers. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving the ISMS.
ISO/IEC 27001 is suitable for any organization, large or small, in any market sector. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors.
ISO/IEC 27001 is also highly effective for organizations which manage information on behalf of others, such as IT outsourcing companies: it can be used to assure customers that their information is being protected.
For more information,
download our Free Guide
Why You Need ISO 27001
You know how the use of Information Technology has transformed the way businesses operate. Whether through electronic commerce, remote communications, or innovations in business processes, IT has become central to delivering business performance improvement. However, business information is not just an IT issue; your staff will have vital information on the way your business operates, and there will be essential hard copy documents. It is apparent that critical information extends well beyond your IT systems. A common mistake many people make when trying to improve information security is to pass the issue to the IT department and ignore all non-IT information assets.
Information security is not only about keeping information secret and maintaining appropriate confidentiality. Availability of information is often the dominant factor for an information security management system, and implementing a good ISMS will help ensure the integrity of your information is maintained and that access to it remains uninterrupted.
So effective information security is much more than IT security, it crosses organisational structures and impacts upon the whole business. It encompasses much more than keeping small amounts of information secret. Your success is becoming more dependent upon the availability and integrity of critical information to ensure smooth operations and improved competitiveness. The ISO 27001 standard has emerged as the recognised mechanism to improve your business.
How we can help
Our consultants have extensive experience of both implementing and maintaining business management systems in a wide range of industry sectors.
We can assist in identifying and documenting your information assets, and assessing threats and vulnerabilities. We can also assist with the development of documented procedures to meet the requirements of the standard and provide the level of information security management needed by your business, help and advise in their implementation throughout the business and assist in training and communicating to staff. We can also perform internal audits, train your staff in audit techniques and facilitate management review meetings. Finally, we can also assist with the selection and appointment of a UKAS accredited certification body and attend certification audits.
In the longer term, we can continue to provide an internal audit service and attend certification audits as required.
The level of consultancy we provide is entirely controlled by the client - we are happy to provide as much or as little as you need.
Join the Quality Team mailing list
Subscribe to our mailing list.
