ISO 27001 provides the framework for a technology neutral, vendor-neutral management system that enables an organisation to assure itself that its information security measures are effective. ISO 27001 is structured to be easily compatible with other management systems standards such as ISO 9001 and ISO 14001.
ISO 27001:2005 – Information Technology – Security Techniques – Information Security Management Systems – Requirements
What is ISO 27001? What are the benefits of certification?
What is ISO 27001?

ISO 27001 is the international standard for Information Security Management Systems (ISMS). It is based largely upon the previously adopted BS 7799, in common use since 1995 for managing information security.

ISO 27001 provides the framework for a technology-neutral, vendor-neutral management system that enables an organisation to assure itself that its information security measures are effective. This includes the continued accessibility, confidentiality and integrity of its own information and that of its stakeholders, as well as legal compliance.

Implementation of ISO 27001 is an ideal response to legal requirements and to potential security threats such as:
- Vandalism / terrorism
- Fire
- Misuse
- Theft
- Viral attack

ISO 27001 is structured to be easily compatible with other management system standards such as ISO 9001 and ISO 14001. Whilst there are some clause numbering differences, the common elements include documentation, review and audit requirements, enabling an organisation to develop a largely integrated management system.

Whilst modern communication media mean that most ISMSs are focused on ICT, ISO 27001 is equally applicable to other forms of information, such as paper records, images and even conversations.

Who is ISO 27001 applicable to?

ISO 27001 is applicable to any organisation where the misuse, corruption or loss of its business or customer information could result in major commercial prejudice. NQA has registered organisations to ISO 27001 in sectors as diverse as storage and warehousing, secure destruction, telecommunications, advertising, financial outsourcing and software development.

What are the benefits of certification?

- Customer satisfaction – by giving customers confidence that their personal information is protected and confidentiality upheld
- Business continuity – through management of risk, legal compliance and vigilance of future security issues and concerns
- Legal compliance – by understanding how statutory and regulatory requirements impact the organisation and its customers
- Improved risk management – through a systematic framework for ensuring customer records, financial information and intellectual property are protected from loss, theft and damage
- Proven business credentials – through independent verification against recognised standards
- Ability to win more business – particularly where procurement specifications require certification as a condition of supply

How to gain registration?

The process of registration follows three simple steps:
- Application for registration is made by completing the application questionnaire.
- Assessment is undertaken by NQA. The organisation must be able to demonstrate that its ISMS has been fully operative for a minimum of three months and has been the subject of a full cycle of internal audits.
- Registration is granted by NQA and maintained by the organisation. Maintenance is confirmed through a programme of annual surveillance visits and a three-yearly re-certification audit.

Initial Certification Audit

Stage 1 – the purpose of this visit is to confirm the readiness of the organisation for full assessment. The assessor will:
- confirm that the ISMS manual conforms to the requirements of ISO 27001
- confirm its implementation status
- confirm the scope of certification, the statement of applicability and any exclusions
- check legislative compliance and review the risk assessment
- produce a report that identifies any non-compliance or potential for non-compliance and agree a corrective action plan if required
- produce an assessment plan and confirm a date for the Stage 2 assessment visit

Stage 2 – the purpose of this visit is to confirm that the information security management system fully conforms to the requirements of ISO 27001 in practice. The assessor will:
- undertake sample audits of the processes and activities defined in the scope of assessment
- document how the system complies with the standard
- report any non-compliances or potential for non-compliance
- produce a visit plan for the first surveillance visit

Please note that if any major non-conformance is identified, the organisation cannot be certified until corrective action is taken and verified.

Contact us

For more information about this service, contact our friendly team today. We will be pleased to help you.