The ISO 27001 standard details the requirements for information security management systems. The standard has recently been updated to ISO 27001:2022.
ISO 27001 is a broad standard concerned with the management system an organisation employs to manage its information security. It is similar to standards such as ISO 9001 in that it requires the communication of a clear organisational structure with clear roles and responsibilities for individuals. Additionally, organisations must demonstrate that documented information is controlled, that risks and opportunities are considered, and that actions to address these are identified and implemented. Unlike those other standards, however, ISO 27001 includes an Annex (Annex A) listing various controls which need to be considered in the risk mitigation process.
In order to comply with the standard, organisations must produce a range of documentation. This includes information security policies and a statement of applicability, which serves as evidence that the controls in Annex A have been addressed. Additionally, the risk assessment process may include a consideration of IT infrastructure and systems.
Meeting the requirements of this standard
The standard requires organisations to conduct a full review of the flow of information – where it is stored, how it is accessed, and how it is disseminated. Organisations must also document the controls they employ to preserve their data and protect it from unauthorised access and from accidental corruption or alteration, and must assess whether their systems are robust enough to ensure the availability of information for business continuity.
For new adopters of the standard, or existing users who are now required to satisfy ISO 27001:2022, please see our blog post, which features a free Transition Guidance Document detailing the updates and the changes you need to make.
ISO 27001 Certification Process
We offer a straightforward certification process which can independently confirm that your organisation meets the requirements of the ISO 27001 standard. Once we have completed a satisfactory audit of your management system, we will issue you with an ISO 27001 registration certificate, which will authorise you to display our “ISO 27001 Registered” logo.
Benefits of ISO 27001 Certification
- Achieve better scores in pre-qualification questionnaires (PQQs)
- Improved appraisal of outsourced services and the development of checks to protect company information and data
- Demonstration to suppliers and other interested parties that their information is protected and managed correctly
- Assurance that IT infrastructure is managed correctly, with effective backup and disaster recovery systems in place
- Assurance that the organisation meets relevant legal requirements such as the General Data Protection Regulation (GDPR)
