ISO 27001 Information Management
Information security is one of the key concerns of the modern organisation and one of the key concerns for Key Security Group. The volume and value of the data used in our business needs protecting and to this end implementing, maintaining and improving an information security management system (ISMS) is essential to the development of our business and key to us meeting our strategic objectives, particularly in respect of achieving certification to ISO 27001:2013
The main drivers for information security are undoubtedly globalisation, government directives, regulatory requirements, terrorist activities and escalating cyber threats. Furthermore, obtaining contracts with governments, local authorities and large corporate clients is making ISO 27001 is a prerequisite for doing business. Certification is seen as a powerful assurance of our commitment to meet our obligations to customers and business partners.
The recent introduction of the General Data Protection Regulation and the Data Protection Act 2018 has also highlighted the need for information security management systems that are 3rd party approved to a recognised standard. ISO 27001 is that standard.
ISO 27001 adopts the high level structure found in other management systems and fits perfectly in out compliance framework. The ISO 27000 family of standards offers a set of specifications, codes of conduct and best-practice guidelines for organisations to ensure strong information security management. Of primary interest are ISO 27001 and ISO 27002. ISO 27001 is a technology-neutral, vendor- neutral information security management standard, but it is not a guide. Of the above standards for IT security governance, ISO 27001 offers the specification: a prescription of the features of an effective information security management system.
As the specification, ISO 27001 states what is expected of an ISMS. This means that, in order to receive certification or to pass an audit, our ISMS must conform to these requirements.
While ISO 27001 offers the specification, ISO 27002 provides the code of conduct –guidance and recommended best practices that can be used to enforce the specification. ISO 27002, then, is the source of guidance for the selection and implementation of an effective ISMS. In effect, ISO 27002 is the second part of ISO 27001.
For a confidential quote, please call Brian on 0161 486 3386 or alternatively complete the short questionnaire on this link
How can K7 help
K7 has experience in supporting businesses achieve certification in information security management systems (ISO 27001).
With the introduction of GDPR and changes to data protection legislation, information has become a very valuable commodity. In this age of the information revolution, protection of information has never been more important. We can help you protect your information by implmenting an information management system that will ensure your data is protected.
As the specification, ISO 27001 states what is expected of an ISMS. This means that, in order to receive certification or to pass an audit, our ISMS must conform to these requirements.
While ISO 27001 offers the specification, ISO 27002 provides the code of conduct –guidance and recommended best practices that can be used to enforce the specification. ISO 27002, then, is the source of guidance for the selection and implementation of an effective ISMS. In effect, ISO 27002 is the second part of ISO 27001.