INFORMATION SECURITY MANAGEMENT SYSTEMS

What is ISO 27001?
ISO 27001 – Information Security Management
The ISO 27000 series of standards on security techniques for information technology provides a very flexible and effective framework for addressing information security. No two businesses are the same, and requirements differ significantly between organisations. ISO 27001 allows for specific tailoring of risks and the appropriate protection necessary.
 
Having an effective Information Security Management System (ISMS) in place and becoming certified to ISO 27001 has a vast array of benefits. It requires businesses to identify risks to their information and put in place security measures to manage or reduce those risks. ISO 27001 is also based on continual improvement and requires companies to regularly review the effectiveness of their ISMS, ensuring they stay ahead of the curve on emerging information security risks.
The Information Security Management System Process
Starting with ISO 27001
Learn about the international standard and what achieving ISO 27001 can do for your business
Implementing an ISO 27001 system
Our experienced, committed and dedicated team tailors a program to suit your individual needs
Certification to ISO 27001
Third party assessment to gain certification for your Information Security Management System
Maintaining an ISO 27001 system
GPC is available to maintain your system to ensure compliance and continual improvement
Management System Documentation
Why implement an Information Security Management System?
Ensures companies cover their legal and regulatory requirements for information security
Company operations have never been more IT system dependent
Commercially sensitive information has never been more at risk
Information and processes are increasingly entered in the cloud
Location-specific risks have been reduced for many types of operations
3rd party certification may reduce any need for 2nd party audits
Gain stakeholder and customer trust that their data is protected
Expand potential tendering opportunities by demonstrating a high level of information security through 3rd party certification
ISO 27001 Information Security helps companies prioritise actions most appropriate to their business, today, and as risk profiles.
How we can help
Review your current information security arrangements and ensure your business has addressed the basic requirements of an ISMS
Develop a Management Manual in your own terminology to reflect how your business addresses the requirements of ISO 27001, including the relevant roles and responsibilities required
We then ensure the risk assessment methodology effectively includes information security criteria
We then assist with the development of a Statement of Applicability to record the controls (security measures) from ISO 27001 Annex A (also in ISO 27002) that have been or will be implemented, including a justification for their inclusion/exclusion
We train all relevant employees in the resultant ISMS
We ensure all compliance obligations are identified and regularly monitored
We train your Internal Audit Team and conduct the first internal audit
We participate in the first management review meeting
Finally, we fully prepare you for 3rd party certification.