ISO/IEC 27001 - Information Security Management Systems Certification

A proactive approach to minimising information security risks is important to both your customers and organisation. When you have an ISO/IEC 27001 certification, this demonstrates to your clients that your company has considered the risks associated with information security and have therefore implemented a high-quality process to minimise harm. Don’t risk costs to your business and implement an effective process to manage your invaluable assets with ISO/IEC 27001.

What is the ISO/IEC 27001 standard?

The ISO/IEC 27001 standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organisation’s information security management system.

ISO/IEC 27001 was established by the International Organization for Standardization (ISO). It was first launched in 2005, as a replacement of BS 7799.

Alignment with other management system standards

ISO/IEC 27001 is aligned with other management systems, and supports consistent and integrated implementation and operation with related management standard.

Features of ISO/IEC 27001:

• ISO/IEC 27001 is harmonised with the structure of other management systems.
• ISO/IEC 27001 puts emphasis on a continual process improvement of your information security management system.
• Clarifies requirements for documentation and records.
• Involves risk assessment and management processes using a Plan, Do, Check, Act (PDCA) process model.

Protecting your assets

The standard takes a comprehensive approach to information security. Assets that need protection include digital information, paper documents, physical assets (computers and networks) and the knowledge of individual employees. Issues you must address can range from competence development of staff to technical protection against computer fraud.

ISO/IEC 27001 will help you protect your information in terms of the following principles:

• Confidentiality ensures that information is accessible only to those authorised to have access.
• Integrity safeguards the accuracy and completeness of information and processing methods.
• Availability ensures that authorised users have access to information and associated assets when required.

How can we help you?

For third party certification, you need to implement an effective information security management system complying with the requirements of the standard.  DNV GL - Business Assurance is an accredited certification body. We provide relevant training and certification services. See how you can get started on the road to certification.