ISO 27001

ISO 27001 is the internationally recognised standard for information security management systems (ISMS).

ISO 27001 is not limited to IT security: it takes a business risk approach to all of the organisation's information assets and creates a framework for managing the threats to those assets.

Key Themes of Information Security Management

Risk Assessment & Risk Treatment

The ISO 27001 standard takes a risk management approach to information security and therefore requires the organisation to define and document a risk assessment methodology.

Generally we would help you align this to ISO 31000, the standard for risk management, and/or ISO 27005, the standard for information security risk management.

After assessing the threats to information assets, the standard provides a reference set of controls in Annex A from which risk treatments are selected (114 controls in the 2013 edition; the 2022 edition consolidates these into 93).

Asset Management & Human Resources

Some of the controls in Annex A cover the acceptable use of assets, the classification of information, and human resource processes such as pre-employment screening and disciplinary procedures.

We can help you define your organisation’s approach to these controls based on your existing arrangements.

Supplier Relationships

ISO 27001 requires the organisation to manage its relationships with its suppliers, in particular those who have access to the organisation's information.

We will help you consider the risks associated with your suppliers and ensure that suitable policies, contractual requirements and procedures are in place to manage those risks.

Legal Compliance

ISO 27001 also requires consideration of the legal, regulatory and contractual requirements placed on the organisation, and this is becoming more relevant as data protection laws evolve across Europe, America and the rest of the world.

Our legal compliance audit can help you identify the legislation that applies to your organisation and measure how effectively you are meeting those obligations.

Information Security Objectives & Continual Improvement

As with all management system standards, ISO 27001 looks for continual improvement of the system by setting measurable, achievable objectives. These can be driven by the risks identified in the risk assessment or by the wider business strategy.