ISO 27001:2013

ISO 27001:2013 is the International Standard for Information Security Management Systems.

What is ISO 27001?

ISO 27001:2013 is an internationally recognised standard that gives organisations a framework for an Information Security Management System (ISMS): a set of policies, processes and controls intended to preserve the confidentiality, integrity and availability of information and to support legal and regulatory compliance.

For organisations that need to protect assets such as employee and client information, intellectual property, brand reputation and other confidential data, ISO 27001 certification is a strong foundation. The standard takes a process-based approach to establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS.

Implementing ISO 27001 is a practical response to customer and legal requirements such as the GDPR, and to the security threats organisations face, including cyber crime, personal data breaches, vandalism and terrorism, physical damage, misuse, theft and malware.

ISO 27001 is designed to work alongside other widely used ISO management system standards. It is technology and vendor neutral: it does not prescribe any particular IT platform or product, but specifies what an organisation must manage and how. Because the ISMS covers people and processes as well as systems, everyone in the organisation should understand what the standard requires and how it applies to their work.

Accredited ISO 27001 certification demonstrates that your organisation is committed to following information security best practice. It also gives you and your stakeholders an independent, systematic review of whether your organisation's information is adequately protected. Read on to explore the benefits of ISO 27001 certification.

We have answered some common frequently asked questions about ISO 27001 here.

Looking to implement an ISO 27001 management system or aren't sure where to start? Take a look at our ISO 27001 Implementation Guide here.

How To Get Certified To ISO 27001

Helps you with

  • Asset protection
  • Security policy
  • Cyber security strategy
  • IT governance
  • Incident management
  • Threat mitigation
  • Downtime reduction
  • Loss prevention
  • Data breaches
  • Compliance checklist
  • Management system
  • GDPR

Benefits of Certification

Customer satisfaction

Give customers confidence that their personal data and other information are protected and that confidentiality is upheld.

Business continuity

Reduce downtime through systematic risk management, legal compliance and ongoing vigilance for emerging security issues.

Legal compliance

Understand how statutory and regulatory requirements affect your organisation and its customers, while reducing the risk of prosecution and fines.

Improved risk management

Ensure customer records, financial information and intellectual property are protected from loss, theft and damage through a systematic framework.

Proven business credentials

Independent verification against a globally recognised industry standard speaks volumes.

Win more business

Procurement specifications often require certification as a condition of supply, so independently verified certification opens doors.

Global recognition as a reputable supplier

Certification is recognised internationally and accepted throughout industry supply chains, where it is widely used as a benchmark for selecting suppliers.

Is ISO 27001 certification right for me?

If you need evidence or assurance that your most important asset, your information, is protected from misuse, corruption or loss, then ISO 27001 certification is right for you and your organisation. If you are looking for a structured way to secure confidential information, comply with industry regulations, exchange information safely, or manage and minimise risk exposure, ISO 27001 certification is a sound choice.

We have certified organisations to ISO 27001 in a diverse range of sectors, including Royal Mail Group, Smart Water Technology, Barcode Warehouse and the Northern Ireland Council for Curriculum, Examinations and Assessment. ISO 27001 is suitable for many industries, including government agencies, financial and IT companies, telecoms and any other organisation that works with sensitive data.

What is an ISMS?

An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It covers people, processes and IT systems, and applies a risk management process (identifying information assets, assessing the risks to them and selecting controls to treat those risks) to help organisations of any size, in any industry, keep their information assets secure.

With data breaches growing in frequency and severity, an ISMS is central to building up your organisation's cyber security. Some benefits of an ISMS include:
  • Increased attack resilience: an ISMS improves your ability to prepare for, respond to and recover from a cyber attack.

  • Manage the security of all of your information in one place: as the central framework for your organisation's information security, an ISMS lets you govern every information asset, risk and control under one system.

  • Secure information in any form: whether the information is on paper, in the cloud or in on-premises digital systems, the ISMS applies the same risk-based approach to all of it.

  • Reduce the costs of information security: because the ISMS selects controls according to assessed risk, spending goes on measures that address real exposures, rather than on layers of defensive technology bolted on after an incident with no guarantee that they address the actual weakness.

GDPR and ISO 27001

The General Data Protection Regulation (GDPR) has a much broader scope than the Data Protection Act 1998 (DPA) it superseded in the UK, and was introduced to keep pace with the modern digital landscape. The regulation gives individuals more rights over their data and requires organisations to define policies and procedures and to adopt appropriate technical and organisational controls to protect personal data.

The GDPR assigns obligations to two roles: controllers and processors.

The controller determines how and why personal data is processed; the processor processes it on the controller's behalf, much as many organisations rely on an IT service provider. 

Unlike the DPA, the GDPR places direct legal obligations on processors, including duties in the event of a breach. The controller nonetheless remains responsible for ensuring that its contracts with processors meet the GDPR's requirements (Article 28).

This is not a complete overview of the regulation and should not be used as such. Find out the key points and how they map to ISO 27001 here.

Steps to Certification

  1. Complete a Quote Request Form so we can understand you and your business. We will use this to prepare a personalised proposal for your certification and to define what is known as your 'scope of assessment', the parts of the organisation, locations and systems the ISMS covers.

  2. We will then contact you to book your assessment with an NQA assessor. The Initial Certification Audit consists of two mandatory visits: a Stage 1 audit, which reviews your documentation and readiness, and a Stage 2 audit, which assesses whether the ISMS is implemented and effective. Please note that you must be able to demonstrate that your management system has been operational for a minimum of three months and has been subject to a management review and a full cycle of internal audits.

  3. Following a successful Stage 2 audit, a certification decision is made. If positive, NQA issues your certificate in both hard and soft copy. Certification is valid for three years and is maintained through surveillance audits in years one and two and a recertification audit in year three.

See more details

Information Security Toolkit 2013

ISO 27001 FAQs

ISO 27701 Implementation Guide

ISO 27001 Information Security Checklist

ISO 27001 27017 27018 27701 Mapping

Risk Assurance Brochure

Integrated Quote Request Form

Information Security Management Training

Measuring Operational Resilience Method

Annex SL Comparison Tool

Gap Analysis

CityFibre Case Study

Is Your Management System Integrated?

Need a Consultant?

Download Certification Logos

Combining ISO 27001 with ISO 9001 Gap Guide

Ready to start your journey?

We will give you a clear indication of the costs of gaining and maintaining certification.
Not ready yet? Call us on 0800 052 2424 or request a callback to discuss your certification requirements.

What's next

Get in touch today to begin your journey to ISO 27001 certification and a member of our team will be in touch to discuss your requirements: