ISO27001 Compliance

Information Security Management

As with other ISO management system standards, certification to ISO27001 is possible but not obligatory. Some organizations choose to implement the standard in order to benefit from the best practice it contains, while others decide they also want to get certified to reassure customers and clients that its recommendations have been followed. ISO does not perform certification.

What is ISO 27001?

ISO27001 is an information security management standard that structures how businesses should manage risk associated with information security threats, including policies, procedures and staff training.

ISO 27001 is jointly published by the International Organization for Standardization and the International Electrotechnical Commission. Defined within the ISO 27001 standard are information security guidelines, requirements intended to protect an organisation’s data assets from loss or unauthorised access, and a recognised means for an organisation to demonstrate its commitment to information security management through certification.

ISO27001 includes a risk assessment process, organisational structure, information classification, access control mechanisms, physical and technical safeguards, information security policies, procedures, and monitoring and reporting guidelines.
