T: 01202 779455M: 07808 666380E: Contact us
ISO 27001:2013
ISO 27001:2013
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organisations, regardless of type, size or nature.
The ISO/IEC 27000 family of standards helps organizations keep information assets secure.
Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.
ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).
ISO/IEC 27001:2013 is an information security standard that was published in September 2013. It supersedes ISO/IEC 27001:2005 and is published by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee. It is a specification for an information security management system (ISMS). Organisations that meet the standard may be certified compliant by an independent and accredited certification body on successful completion of a formal compliance audit.
An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.
It can help small, medium and large businesses in any sector keep information assets secure.
Achieve ISO 27001 ISMS compliance or certification
In today’s business environment, information is the lifeblood for any organisation. Increasingly, organisations and their information systems are exposed to security threats from a wide range of sources, including computer-assisted fraud, espionage, sabotage, vandalism, fire or flood. Computer viruses, hacking and denial of service attacks have become more common and increasingly sophisticated.
Achieving ISO 27001 significantly minimizes the risk and mitigates the organization against internal human error or misdemeanor.
Successful ISMS compliance and certification requires a methodical approach, careful consideration of scope and a thorough understanding of your information security needs. ISO Certification Ltd is well placed to advise you on the steps required to ensure that your information security practices conform to those identified in the Standard.
What is information security?
Information security is the protection of information to ensure:
- Confidentiality: ensuring that the information is accessible only to those authorized to access it.
- Integrity: ensuring that the information is accurate and complete and that it is not modified without authorization.
- Availability: ensuring that the information is accessible to authorised users when required. Information security is achieved by applying a suitable set of controls (policies, processes, procedures, organisational structures, and software and hardware functions).
Achieving ISO 27001 with ISO Certification Ltd
ISO Certification Ltd offers expert consultation services for effective implementation of ISO27001.
Project Scoping: Properly scoping an ISO27001 project is an essential first step in any compliance initiative. Our consultants help you identify the business processes critical to your organisation which could be best targeted for initial compliance to the world-wide recognised Standard.
Gaps Identification: Gap analysis is the next step where our consultants develop a comprehensive report identifying the work required to become compliant, as well as an action plan that includes prioritised actions for security improvement.
Risk Assessment: Risk assessment is a mandatory component of ISO27001 and we’ll help you analyse the levels of information security risk inherent to your business processes. Assessments can be performed.
Process Improvement: Our consultants provide whatever level of support you need to implement the required security improvements and are able to suggest practical solutions in each of the different areas of the Standard.
Preparing for Certification: Our consultants will explain both the benefits and the relatively minor, additional costs involved in certification. We can prepare you for certification and help you implement any final changes necessary to your ISMS. Finally, we can assist during the audit process itself by dealing with a certification body on your behalf and addressing any audit observations that arise
ISO/IEC 27001:2013 has ten short clauses, plus a long annex, which cover:
- 1. Scope of the standard
- 2. How the document is referenced
- 3. Reuse of the terms and definitions in ISO/IEC 27000
- 4. Organisational context and stakeholders
- 5. Information security leadership and high-level support for policy
- 6. Planning an information security management system; risk assessment; risk treatment
- 7. Supporting an information security management system
- 8. Making an information security management system operational
- 9. Reviewing the system’s performance
- 10. Corrective action
Want Expert Certification advice ? – Start your consultation with us now !
We will get to know you, your business, and what you need to achieve out of your systems and your certifications.
We take care of the whole process for you, answer all your questions and adjust our services to suit your resources and your individual business needs. We will be there for you to coach you through the preparation, through the audits and ongoing.
We assist in selecting your Conformity Assessment Body (CAB) to ensure they have the appropriate knowledge of your industry and the work you do, are realistic and take a value-adding approach.
We understand that every business is unique- we want this to be a meaningful and value-adding process for you.