What is ISO 27001?
Information is a critical asset for every organisation, whether it operates in the public or private sector. It is therefore vital to appropriately protect that information and the systems it resides on. Security breaches cost UK companies millions of pounds every year, and the impact is not only financial: damage to reputation and client confidence can have as detrimental an effect as loss of availability. In fact, in August 2010 the UK operation of Zurich Insurance was fined a record £2.28m for losing the confidential personal details of 46,000 British customers. It is the highest fine levied by the Financial Services Authority on a single company for data security failings.
Information comes in many forms, including personnel data, financial records, customer information and business strategy. And if you store, manage or process information for your customers, you are also responsible for the security of their data as well as your own. It is therefore vital to implement appropriate security controls to protect not only the assets but your brand reputation, and potentially that of your customer. If you think IT alone is the answer, you couldn't be further from the truth: over 80% of security breaches come from within the organisation as a result of poor policy, procedures and staff awareness training.
That's why organisations are exploring the benefits of complying or certifying to ISO/IEC 27001:2013. This standard provides a baseline minimum set of controls covering the people, places and process requirements you need in order to give staff, suppliers and customers confidence in your data security. Certifying to the standard can give a real competitive edge in today's technology-led environment, and we have a proven track record in taking companies through the process to successful certification.
What are the benefits of compliance?
ISO/IEC 27001:2013 is the only auditable standard that provides a framework for establishing an Information Security Management System (ISMS). Certifying your ISMS against ISO/IEC 27001:2013 can bring the following benefits to your organisation:
What can we do to help?
Our objective is to reuse as much of your existing investment in security policies and procedures as possible. To achieve this, our approach is based on working with you to understand what has been achieved to date, updating and implementing policies and procedures as required to meet the standard, developing an Information Security Management System (ISMS) and implementing a security awareness programme to enforce compliance.
Our approach is based on the following activity:
ISO/IEC 27001:2013 consultancy services include:
Our consultants are qualified ISO/IEC 27001:2013 Lead Auditors with many years' experience of delivering information security services. We can help your organisation to comply with the requirements of ISO/IEC 27001:2013 or to achieve formal certification against the standard.