ISO 27001

 

What is ISO 27001?

ISO/IEC 27001:2013 is the international information security standard that is now accepted as best practice both within the UK and worldwide.  

ISO 27001 image

ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes. The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organisation.

ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system."


ISO 27001 uses a top down, risk-based approach and is technology-neutral. The specification defines a six-part planning process:

The standard provides requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). ISO 27001 is also accompanied by ISO 27002 which is used as a reference for selecting security controls with the ISMS.

We are ideally placed to work with organisations that wish to implement the standard. We also provide help with achieving certification against the standard. 


ISO 27001 services we offer:

You can reach us on 0333 353 8553 or use the contact form and we’ll get back to you.