ISO 27001
ISO/IEC 27001 aims to ensure that adequate controls addressing confidentiality, integrity and availability of information are in place to safeguard the information of 'interested parties'. These include your customers, employees, trading partners and the needs of society in general.
Unprotected systems are vulnerable to computer-assisted fraud, sabotage and viruses. Breaches in information security can allow vital information to be accessed, stolen, corrupted or lost. How confident are you that you have the appropriate controls and procedures in place to avoid such incidents?
An information security management system compliant with ISO/IEC 27001 (formerly known as BS 7799 Part 2) can help you demonstrate to trading partners and customers alike that you take information security seriously.
How can ISO/IEC 27001 benefit my organisation?
Our assessors are management systems experts with the experience and knowledge to give a thorough and objective audit of your information security management system. This will help give you increased confidence in your own security measures as judged against best industry practice.
Accredited certification to ISO/IEC 27001 is a powerful demonstration of an organisation's commitment to managing information security and can offer the following key benefits:
- Competitive advantage: increasingly, the organisations you want to do business with will want to know how safe your IT systems are. Indeed, more companies now see certification to ISO/IEC 27001 as a prerequisite for doing business.
- Demonstrating your capability: you will be able to make a public statement of capability without revealing your security processes or opening your systems to second party audits.
- Minimising business risk: certification ensures controls are in place to reduce the risk of security threats and to avoid system weaknesses being exploited. It will also help the organisation develop a business continuity plan that will minimise the impact of any security breaches.
- Compliance with legislation: compliance provides a process whereby existing and potential legislation is identified. ISO/IEC 27001 has been recommended by the UK Data Protection Commissioner as one way in which organisations can demonstrate they meet the requirements of the Data Protection Act 1998.
- Increased confidence: our assessors are management systems experts qualified in information security and other aspects of IT. Their objective view will give you increased confidence in your own security measures as judged against best industry practice.
- Staying vigilant: our six-monthly 'surveillance visits' will help keep your information security management system on track and help you demonstrate ongoing compliance.
How can we gain certification to ISO/IEC 27001?
LRQA provide a range of assessment, certification and training services to this standard.
- If you would like to speak to one of our business advisors, call 0800 783 2179. They will ask you a few key details about your organisation to help with your query.
- Alternatively, complete the enquiry form on this website.
- For ISO 27001 training and development options, visit our training section.
Background to ISO/IEC 27001 / ISO/IEC 17799
Introduced by the DTI as BS 7799 in 1995 to offer best-practice guidance in information security management, the standard comes in two sections:
ISO/IEC 27001 is a third party assessable standard against which organisations can achieve certification. It was revised in 2005 and is based on the plan - do - check - act model in common with ISO 9001 and ISO 14001 and uses risk assessment and business impact analysis to identify and manage risks to the confidentiality, integrity and availability of information.
ISO/IEC 17799, also revised in 2005, provides implementation advice and guidance to support security objectives and controls selected to manage the risks identified by the ISO/IEC 27001 risk assessment process. It will be renumbered ISO/IEC 27002 in 2007.
Lloyd's Register Quality Assurance • A member of the Lloyd's Register Group
