Information Security Management
ISO27001 Information Security Management Systems
What's it all about?
Information is any organisation's key asset. It may be held electronically, on paper, on a post-it note, on a whiteboard or even in someone's head. How you protect that information from being lost or stolen is a critical part of your organisation's risk management strategy for countering the human, technological, physical or environmental threats to your data security.
The International Standards Organisation's ISO27001:2013 standard is the International Standard for creating and maintaining your Information Security Management Systems to look after your organisation's data in all of its formats.
A good Information Security Management System can add huge benefits to organisations of any type or size and can help you drive real business advantage as well as increased customer confidence that you are handling their data with care.
Your Information Security Management System should help you make the right decisions and help your team act in the right way to secure your organisation's data without creating barriers to getting the job done.
It does more than you think:
- An ISO27001 Information Security Management System ensures that you have the systems to effectively manage your organisation's information and that you understand the potential risks to the security of that information.
- An ISO27001 Information Security Management System helps you understand that information isn't just on a PC or a server; it's in your head, your notebook or on a whiteboard, and it all needs to be considered and managed.
- An ISO27001 Information Security Management System provides your employees with processes and systems to follow in order to ensure that the information within your organisation remains secure.
- ISO27001 certification provides clients, prospective clients, and suppliers alike with confidence that you operate in a systematic and repeatable way that will protect the integrity of their information.
- Having an ISO27001 Information Security Management System in place dramatically reduces the risk linked to employee-related information security lapses by ensuring everyone knows what to do and why they have to do it.
- An ISO27001 Information Security Management System helps you understand what your compliance requirements are, not just to meet the standard but also your legal obligations, your privacy obligations, your industry expectations, your location and the market in general.
- An ISO27001 Information Security Management System ensures you are following your processes by providing an audit framework and a communication framework, which means your entire organisation understands what needs to happen to meet your compliance obligations and ensures that someone is responsible for the controls that should be in place.
- An ISO27001 Information Security Management System helps you understand the business risks associated with your organisation's information: what risks are linked to the marketplace, your clients, your suppliers, your internal skills or systems and many more. It also asks you what your plan is to deal with them!
- An ISO27001 Information Security Management System asks you to ensure that everyone is aware of the risks in your organisation and working to minimise them, so everyone is aligned and working together for the good of the organisation.
- An ISO27001 Information Security Management System gives you a structure and routine to work around, which helps you to be a more resilient organisation and saves time and money.
Our approach is to provide you with an expert consultant who can work alongside you, both on site and remotely, to help you step through the process of creating an ISO27001 Information Security Management System that fits your organisation's needs.
We start with a comprehensive Gap Analysis of your organisation, based on the requirements of the standard, to let us identify what you already have in place and what needs to be focused on. This generates a full clause-by-clause Gap Analysis Report highlighting where we need to focus attention to achieve the standard.
We will then work with you to develop an implementation plan around the 5-phase process that meets the timeframes you need to achieve and ensures that your organisation keeps working at the same time. The plan covers every clause in the standard and provides a summary of the actions required to meet the requirements of the standard in a way that works for you as an organisation.
Our focus is on making the implementation as simple as it can be, and a key part of that is helping you make the right decisions that help your organisation and meet the standard. Our focus is firmly on delivering the right balance for you.
The 5 Phases of Your ISO27001 Journey
Planning exactly what needs to be done to create your ISO 27001 ISMS is our first step. This starts with a Gap Analysis of your organisation as it works today vs the requirements of the standard. This generates the work content we need to tackle together and a realistic timeframe for implementation.
Working together, we will support you in generating the required processes, procedures, and records to meet the requirements of both the business and the standard. Linked with this we will also work with you to roll out the training required to help run the systems.
We will help run several internal audits, management meetings and process reviews with your team to help ensure that things are happening, and actions are being followed through.
We will then support you through your 1st External ISO Audit, the Stage 1 Audit by your accreditation body which verifies you have all your systems in place.
Based on the outputs from our internal audits and the external Stage 1 ISO Audit we may well have a few things to tweak in advance of the full Stage 2 Certification Audit.
This is our chance to carry out any updates, fix the remaining issues and update the training of your teams before the big day(s).
We will support you during the certification audits to ensure that everything is covered off and that we can help with any answers that are missing. Our aim is to make it a stress-free non-event for you and your team!
Of course, that is not the end of the journey. There's always more to do to keep improving, and we'd love to be part of that ongoing journey.
Make an Appointment
If you are ready or even just thinking about starting your ISO27001 Information Security Management Systems journey, we would love to have a chat.