Phone Icon 0333 323 3981

Contact us

About ISO 27001

12 Months Penetration Testing/ISO27001 Cycle

ISO 27001 replaced  the British Standard BS7799-2 and is the internationally recognised best practice standard for Information Security Management.

By achieving the ISO 27001 certification, you are able to demonstrate that you operate in line with a best-in-class standard for your Information Security Management System (ISMS) for both paper and electronically based assets. This standard has been created by the International Security Office (ISO) and the International Electrotechnical Commission (IEC).

The benefits of attaining ISO 27001 are:

  • Marketing
  • Cost Savings
  • Competitive Advantage
  • Professionalism

The ISO 27001 audit covers a range of controls:

  • Security Policy: management of information security plus organisation of assets and resources.
  • Asset Classification and Control: you can only defend what you know you have.
  • Personnel Security: mitigate the risks of theft, fraud, human error or misuse.
  • Physical and Environmental Security: prevent unauthorised access, malicious damage and interruption to your organisation and its data.
  • Compliance: ensure you comply with any security requirements, criminal and civil law, statutory, regulatory or contractual obligations.
  • Communications and Operations Management: ensure correct procedures and the secure operation of data processing.
  • Access Control: control access to data and appropriate system assets
  • Business Continuity Management –protect business critical processes and mitigate the impact of major breaches and failures.
  • Systems Development and Maintenance: ensure that adequate security is designed and built into IT systems.


Initially our priority will be to assess how you currently manage your information security before identifying key vulnerabilities and risks. From this point we will be able to make appropriate recommendations on how you can move towards achieving the ISO 27001 standard.

Our full portfolio of ISO 27001 related services include:

  • Initial business & information security policy review
  • Risk assessment
  • Gap analysis
  • Presentation of findings
  • ISO Awareness Training / Documentation Review / Implementation Plan
  • Ongoing Support

For a pre-ISO 27001 assessment and/or more details on how Xyone can help you achieve this standard, contact us today.


We are unique in the ability to work with businesses to take them through a three-step process to achieve security, compliance and certification, utilising strong relationships we have with consultants, auditors and certification bodies.

More info


We are able to offer independent cyber security consultancy, advice and coaching to help you identify the cyber security needs of your business and where we can recommend solutions, services and training to mitigate the cyber risk.

More info

Cyber Security Training

Cyber security training can help your staff to proactively reduce the risk of a cyber attack to your business. We offer training to your management, employees and mobile workers to raise awareness and protect your assets.    

More info

PCI DSS Compliance

If a business is set up to take credit cards by any mechanism - then it needs to be compliant. It is a common misunderstanding that small concerns handling only one or a few credit cards a year are exempt from these standards.

More info

ISO 27001 Compliance

By achieving the ISO27001 certification, you can demonstrate that you are operating at a best-in-class standard for your Information Security Management System (ISMS) for both paper and electronically based assets.

More info

ISO 27032 Compliance

ISO 27032 is part of the ISO 27000 series of standards and focuses explicitly on the guidelines for cyber security when implementing ISO 27001.

More info

Lexcel Compliance

Throughout the Lexcel standard there is reference to security of systems and the confidentiality of client data. In order to successfully achieve the Lexcel certification, a law firm should ensure it's assets are secure from external sources.

More info

Cyber Essentials Certification Body

Xyone Cyber Security are a qualified Certification Body, offering technical services, consultancy and support to help your business to implement Cyber Essentials and Cyber Essentials Plus.

More info