ISO 27001 Implementation

The loss of sensitive corporate or customer data can seriously damage your organisation’s finances and reputation. Protect your corporate data, manage security threats and build customer confidence with ISO 27001.

How can the ISO 27001:2013 standard strengthen your Information Security Management?

By implementing ISO 27001:2013, with support from our expert consultants, you will establish robust procedures to prevent data security breaches and data theft. Backed up by our independent assessment and verification process, ISO 27001 demonstrates to customers and stakeholders that you take their privacy seriously.

Our initial audit

Every business stores data in different ways. As a result, no two organisations’ security risks are the same. This poses unique security challenges.

Our initial audit will look at the way you currently protect information and compare this with international best practice. In effect, this will be an ISO 27001 risk assessment to highlight areas that need attention. We will also identify any unique risks to your company’s information security.

We will then work with you to create a bespoke ISO 27001 Information Security Management System (ISMS) that meets your specific needs, including a detailed user manual. Our team of experienced consultants can help you deliver an effective ISMS in less than 30 days. We will then support you through the regular reviews and follow-up audits.

Planning for ISO 27001:2013 implementation

Implementing ISO 27001:2013 involves 114 specific security measures, organised into 14 sections, followed by a ongoing 3-stage audit process. The 14 sections are as follows:

  1. Information security policies
  2. Organisation of information security
  3. Human resources security
  4. Asset management
  5. Access control
  6. Cryptography
  7. Physical and environmental security
  8. Operations security
  9. Communications security
  10. Systems acquisition, development and maintenance
  11. Supplier relationships
  12. Information security incident management
  13. Information security aspects of business continuity management
  14. Compliance.

The ongoing 3-stage audit process for the ISO 27001:2013 standard:

1. Informal review of your ISMS, which includes checking the existence and completeness of key documents such as your:

– Organisation’s security policy

– Risk Treatment Plan (RTP)

– Statement of Applicability (SOA).

2. Independent certification audits to check your ISMS meets the requirements specified in ISO 27001. These are usually conducted by independent ISO 27001 lead auditors.

3. Regular reviews and audits to confirm that your organisation continues to comply with the ISO 27001 standard and that your ISMS continues to operate as specified and intended.