ISO 27001, also known as ISMS (Information Security Management System), is the primary internationally recognised certification that will give both you and your
customers’ confidence in your company’s security and ability to handle and process customer and your own internal data in a secure manner. ISO 27001 lays down the requirements for a secure
information system that applies adequate and proportionate security controls that provide confidence to “interested parties”.
Designing an effective ISMS requires "the selection of adequate and proportionate security controls that protect information assets and gives confidence to interested
parties" (ISO 27001:2013). We follow the best practices identified in ISO 17799 / ISO 27002, where appropriate, to ensure an effective ISMS is implemented. Where appropriate, we also use best
practice included in other standards; such as ISO 22301 (Business Continuity Management) when addressing ISO 27001 requirements.
assist companies in identifying the “Business Case” for the ISMS. Clear understanding of this by client senior management assists in identifying a suitable boundary and scope for the ISMS ensuring it
meets the needs of “Interested Parties”. Regular review of the business case assists in ensuring an effective ISMS is maintained.
Risk identification and mitigation forms the basis of effective risk management. It is essential when preparing for assessing risks that a systematic approach is taken. This ensures
that another person performing the same risk assessment reaches the same conclusion.
We implement a semi-quantitative approach when assessing risks. Our solution, while simple, has been shown to be effective and appreciated by our clients. We see competitor tools
implemented in companies that are so complicated that specialist knowledge, and cost, are required as to how to use their tool.