If your organisation handles sensitive data and information, you need to ensure that it is held Confidentially, that it is Available to those who are authorised to access it and that its Integrity is maintained. These are the ‘cornerstones’ of Information Security which are encapsulated in ISO 27001.
ISO 27001 defines the requirements for an Information Security Management System (ISMS) and is designed to help an organisation to protect its vital information, hardware, software, people etc.
Information security management goes way beyond performing back-ups of your data every night and having anti-virus software on your laptops. In fact, contrary to popular belief, it is not just an IT-based standard; it also addresses the need for the security of all data and information, whether it is held on paper or electronically, and also includes the physical security of your premises.
The issues surrounding information security involve more than just hackers and malicious software; they can involve employees, computer theft, data theft and trespassing. Safeguarding information in the 21st Century requires a thorough hardening of security processes, procedures and stated policies that are based on internationally accepted best practices to improve information security defences and to meet contractual and regulatory requirements.
Annex A of the standard contains 133 ‘control objectives’ which, if they are applicable to your organisation, must be addressed. These will assist you in ensuring the security of your data, which will help you to protect your reputation in the eyes of your clients. Compliance with this standard is often a prerequisite for working with certain large organisations, so if you wish to start, or continue, working with them you will need to establish and implement an ISMS.
We can help you to design, develop and implement a workable ISMS which suits the needs of your organisation. It will be built around your requirements, not just the completion of someone else’s templates which satisfy an auditor. We can also integrate the ISMS with other standards such as ISO 9001 and, because we are independent of any one certification body (CB), we can help you to choose a suitable CB to perform your certification audits.