ISO 27001: Information Security Management Systems
ISO 27001 promotes the security of information systems through quality system management. In a technology-led business world, control of private and confidential information stored and supplied through information systems is paramount to an organisation’s success.
ISO 27001 ensures that information security is brought under critical and established controls through formal specification of management systems and auditing.
The IMS certification team is highly skilled and our aim is to ensure the assessment process promotes the safety, security and improvement of your system. Gaining this certification also helps raise awareness within your business on the possible threats to information and how to safeguard it. With data control, the business can develop its resource sharing among staff to improve production processes.
An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.
It can help small, medium and large businesses in any sector keep their information assets secure.
ISO 27001 Foundation requirements
- An effective information risk assessment method to manage and minimise risk exposure
- A comprehensive information security control system
- Adopt and retain an effective management practice to safeguard data systems from potential breaches
- Develop an information security policy
- Meet legal and stakeholder data protection requirements
- Management of assets and resources to reduce the risk of data leaks
ISO 27001 Statistics
Recent Cyber Attacks
It is estimated that 52% of British businesses were victims of some form of cyber crime in 2016, at a cost of almost £30 billion. Computer viruses and phishing attacks were the most common, and 18% of businesses were hacked. The global cost of cyber crime is projected to reach $2 trillion by 2019.
A massive ransomware attack has hit computers and servers across the globe, causing turmoil in its path. It first shut down operations in Russia and Ukraine before spreading quickly to Romania, the Netherlands, Norway, France, Spain, Britain, the US, India and Australia. Ransomware is malicious software that blocks access to the victim’s data, or threatens to publish or delete it, until a ransom is paid.
Businesses can help protect their data from security breaches and cyber attacks by achieving certification to ISO 27001: Information Security Management Systems.
For tips on how to protect your business or on the implementation of ISO 27001, visit our support page.
AT On Line Computing Ltd
"Our auditor was Andrew Holdstock. He was the most pleasant auditor I have ever encountered. He very clearly explained things and the audit was very helpful."
Transitioning to ISO 27001:2013
It is advised that all businesses certified to ISO 27001:2005 update their systems to meet the 2013 requirements.
Achieving this standard should be a company’s first line of defence against potential threats to information such as hackers, viruses and the theft of intellectual property, and many tenders now specify the standard as a basic requirement. The standard ensures that your information security is under control through specified and audited management systems. It also raises awareness across the company of the possible threats to information and of how to put procedures in place to protect it.
ISO 27001 requires you to:
- Identify the risks related to external parties and address any security issues relating to these risks
- Identify security roles and responsibilities of employees, contractors and third-party users
- Raise awareness of information security risks and educate staff on them
- Identify termination processes to ensure that assets are returned and access rights removed
- Prevent unauthorised physical access, damage and interference to the organisation’s premises and information
- Prevent loss, damage, theft or compromise of assets and interruption to the organisation’s activities
- Protect software against malicious code and raise user awareness
- Back up information in secure environments
- Ensure networks are protected
- Improve data sharing control