In today’s competitive business environment, information is critical to the day-to-day operation, compliance and strategic planning of your business. As a vital business resource, its value means that it is constantly under threat of being deliberately or accidentally misused, damaged, lost or even stolen by individuals inside or outside the organisation.
As a result, organisations need to establish a comprehensive set of documented policies, processes and procedures to ensure the confidentiality, integrity and availability of business information. The majority of organisations already have a number of information security policies and controls; however, these tend to be fragmented and are often based on generic threats or past security incidents.
ISO 27001 (formerly BS7799) is recognised as the standard for information security management. It provides a framework to minimise the threats to Information and Communication Technology assets and the business. Other business benefits include:
The scoping of an ISO 27001 project is the fundamental part of any compliance or certification activity, whether the scope is your entire business or a specific unit, department or system(s). It is also important to define the needs and expectations of interested parties.
A risk assessment is completed to help the business understand the risks to the confidentiality, integrity and availability of its assets and to assess the threats against these, including the likelihood of their occurrence. In addition, a Risk Treatment Plan is produced to detail the security controls required to mitigate the identified threats, including which risks are reduced, accepted, avoided or transferred.
We perform a comprehensive assessment of your existing business processes and documentation before comparing them against those within the ISO 27001 standard. This helps you understand your current compliance position and the required corrective actions to comply with the standard.
The readiness assessment helps you understand how your organisation would perform in an ISO 27001 audit. It focuses on how the organisation is performing against ISO 27001, assessing the control objectives, processes and procedures and verifying that appropriate plans are in place to maintain and continually improve the Information Security Management System (ISMS).