ISO 27001 replaced the British Standard BS7799-2 and is the internationally recognised best practice standard for Information Security Management.
By achieving the ISO 27001 certification, you are able to demonstrate that you operate in line with a best-in-class standard for your Information Security Management System (ISMS) for both paper and electronically based assets. This standard has been created by the International Security Office (ISO) and the International Electrotechnical Commission (IEC).
The benefits of attaining ISO 27001 are:
The ISO 27001 audit covers a range of controls:
Security Policy: management of information security plus organisation of assets and resources.
Asset Classification and Control: you can only defend what you know you have.
Personnel Security: mitigate the risks of theft, fraud, human error or misuse.
Physical and Environmental Security: prevent unauthorised access, malicious damage and interruption to your organisation and its data.
Compliance: ensure you comply with any security requirements, criminal and civil law, statutory, regulatory or contractual obligations.
Communications and Operations Management: ensure correct procedures and the secure operation of data processing.
Access Control: control access to data and appropriate system assets.
Business Continuity Management: protect business critical processes and mitigate the impact of major breaches and failures.
Systems Development and Maintenance: ensure that adequate security is designed and built into IT systems.
Initially our priority will be to assess how you currently manage your information security before identifying key vulnerabilities and risks. From this point we will be able to make appropriate recommendations on how you can move towards achieving the ISO 27001 standard.
Our full portfolio of ISO 27001 related services includes:
Initial business & information security policy review
Presentation of findings
ISO Awareness Training / Documentation Review / Implementation Plan
For a pre-ISO 27001 assessment and/or more details on how Xyone can help you achieve this standard, contact us today.
We provide a comprehensive range of penetration testing, certification, information security consultancy and managed services for SMEs, public sector organisations and larger corporates looking to protect their business and enhance overall security of their IT systems.
Our specialists will help you identify and manage risks around your various data assets to give you, your employees and your customers much greater peace of mind.