ISO 27001 Certification | Information Security Management

ISO 27001 is the internationally recognised standard for information security, published by the International Organization for Standardization (ISO). The standard provides the framework for an effective Information Security Management System (ISMS). It sets out the policies and procedures needed to protect organisations and includes the risk controls (legal, physical and technical) necessary for robust IT security management.

It is designed to cover much more than just IT. An important part of the Standard concerns data security across all areas of a business, whether online or offline. The Standard is suitable for businesses of all sizes, from startups to larger organisations.

WHAT IS ISO 27001?

ISO 27001 is the international standard for Information Security Management Systems (ISMS). It is part of the ISO 27000 family of information security management standards.

ISO 27001:2013 is the most recent version of the standard. You can learn more about the ISO 27001 requirements here.

THE BENEFITS OF ISO 27001

Here are the top benefits of using the ISO 27001 framework:

Compliance: An Information Security Management System demonstrates your compliance with internationally recognised standards of information security, helping you to fulfil your legal obligations and comply with regulations (e.g. SOX).

Confidentiality: It keeps confidential information secure by putting in place robust security policies and access management, allowing for the secure exchange of information.

Risk management: The Standard manages and minimises risk exposure, providing customers and stakeholders with confidence in how you manage risk.

Customer satisfaction: It enhances customer satisfaction which improves client retention.

Culture of security: Businesses get buy-in from their employees and stakeholders, building a culture of security.

All-round protection: It protects the company, its assets, shareholders and directors.

HOW MUCH DOES ISO 27001 COST?

Prices will vary based on the size and complexity of your business.

To receive your personalised quote, simply fill in your details on the calculator below.

THE REQUIREMENTS OF ISO 27001

The standard uses a structure of ten clauses, known as Annex SL, which when grouped cover the following four areas:

Management Responsibility – the areas within the ISMS that your management team needs to focus on, be involved with and be accountable for.

Resource Management – how resources such as people, infrastructure and facilities must be assigned to ensure the best possible performance.

Information Security – details of how your business will operate in order to ensure that your systems and assets remain protected from unauthorised access or loss.

Measurement, Analysis and Improvement – how you can determine whether your Information Security Management System is working as expected, facilitating the continual improvement of your system.

FREQUENTLY ASKED QUESTIONS

Who needs ISO 27001 and why is it important?

ISO 27001 is well suited to any organisation that wants to demonstrate its commitment to information security. The standard is applicable to startups, large organisations and everything in between.

What are ISO 27001 requirements?

There are four main groups of requirements in ISO 27001. The first group focuses on management responsibility: the areas of your information security management system in which your senior leaders need to be involved. The second group focuses on the management of resources; in other words, how you organise your staff, business infrastructure, facilities and equipment. The third group revolves around information security, which requires you to develop processes that protect both physical and digital information assets. The last group focuses on measurement, analysis and improvement, and requires you to put in place processes that allow you to assess how well your management system is working and what you can do to improve it.

Is ISO 27001 a legal requirement?

ISO 27001 is not a legal requirement. However, it is highly advisable for businesses that frequently process and store data, to ensure protection against information security risks. Furthermore, some customers and suppliers will specify certification to this standard in their contracts.

How long will the ISO 27001 certification take?

From your first visit through to certification, the process of obtaining ISO 27001 certification can be as quick as 45 days, although this does of course depend on the size and complexity of your business.

How long does ISO 27001 certification last?

The initial certificate lasts for one year; after a successful recertification audit, you will be issued a 3-year certificate. To maintain your certificate during this period, you are required to successfully undergo one mandatory audit a year.

What is the latest version of ISO 27001?

The current version of ISO 27001 is ISO/IEC 27001:2013, which was released in 2013 and reviewed in 2019.

Source:

ISO 27001
