ISO 27001 - Information Security

What is ISO 27001?

ISO 27001 is the internationally recognised standard for Information Security. It focuses on regulating and improving the processes you have in place to ensure confidentiality and secure storage of essential information and documents.

Using this standard enables organisations of any kind to manage the Information security of the company’s assets such as financial information, intellectual property, employee details or information entrusted by third parties including customers.

Like other ISO management system standards, certification to ISO 27001 is possible through the continual improvement process and Plan, Do, Check, Act. Some organizations choose to implement the standard in order to benefit from the best practice it outlines while others decide they also want to get certified to reassure customers and clients that its information systems are secure, and that company have actioned any recommendations that have been questioned.

What Are The Benefits?

Avoid Data Breaches
Improved Recovery Time In The Event of a Breach
Provide Employee Training to Promote A Security Mindset

Establish Trust With Customers
Ensure Complaince With Government Legislation e.g. GDPR
Minimise Risks Through Early Identification and Mitigation

Why Choose Candy?

Expert Consultants

Our team have a minimum of 10 years of experience each within the ISO and health and safety industries. We're here to guide you through the processes and answer any questions you may have.

Guaranteed Certification

When you follow our guidance, you are guaranteed to achieve your ISO Certification.
We are proud to say we have a 100% sucess rate to date!

Timely Service

We make sure all of our services are provided promptly and within the specified timeframe given. We have a set day rate and will never charge you for the days you don't use.

Friendly Team

Our team are here to help, we want to ensure that you full understand your new management system and the importance of maintaining it in the future. No question is too silly, ask away!

Tailored to You

Our Flexible 3 Step Process

Gap Analysis

We will complete a thorough gap analysis and review of your business processes to understand how best to implement an ISO compliant management system.

Build The System

Working with your management team we will build your new management system and where possible align to your existing processes to avoid disruptive change.

Implementation

We will train your workers on the new system and how to maintain it so that you remain compliant. We will also assist you in your preparation for third-party certification audits.

FAQ

How Does ISO 27001 Work?

27001 works by creating structured, consistent procedures to ensure information security. It is implemented with the help of an expert consultant who will advise you on each individual clause. Once the information security management system has been implemented, it is time to be reviewed by a separate, third-party auditor. They will examine the procedures you have in place and gauge your compliance, if they are happy that you have met all of the requirements of the standard, they will award you with certification and then visit each year to conduct a surveillance audit and every three years to re-certify you.

The Requirements Explained

Context of the Organisation

Before developing processes or procedures we need to understand the business in regards to how it is run and what factors can hinder or contribute to the running of it, in other words, what does the business do? In determining the context we will identify internal and external issues, interested parties and the scope of the Information Security Management System.

Leadership

The leadership clause requires the company’s top management to actively lead the Information Security Management System and be able to demonstrate this through policies and responsibilities. Leadership has an emphasis on customer focus with specific applications ranging from support for customer regulatory requirements, risks to enhancing customer satisfaction.

The top management’s responsibilities include establishing and communicating a quality policy, the importance of the ISMS and assigning responsibilities to ensure the ongoing effectiveness of the Information Security Management System.

Planning

Planning addresses the process of determining the activities required to achieve the desired goal. It requires critical thinking about the risks that may occur in future and addressing these through adequate control measures. Companies are required to take a risk-based approach and plan for the uncertainties proactively to prevent undesired effects.

Another aspect of planning is to identify objectives that can be used to monitor and track the progress made.

Support

The company is required to determine and provide the resources needed for the establishment, implementation, maintenance, and continual improvement of the Information Security Management System. In doing so the organisation should consider the capabilities of, and constraints on, existing internal resources and what needs to be obtained from external providers. This will include people, infrastructure, the working environment, monitoring and measuring resources, organisational knowledge, competence & awareness, communication, documented information.

Operation

Plan, implement and control the processes needed to meet the requirements for the provision of products and services and to meet the requirements of the Information Security Management System. These include aspects of design, control of externally provided processes, production and service provision, the release of products and services and control of nonconforming outputs.

Performance Evaluation

Assessment of the company’s own performance in meeting customer and regularity requirements as well as its performance in meeting the requirements of its own Information Security Management System and the ISO 27001 standard. These will include activities such as, establishing what needs to be monitored and measured, customer satisfaction, analysis and evaluation of data, completing internal audits and top management carrying out a formal review on the performance of the ISMS.

Improvement

Determine and select opportunities for improvement and implement any necessary actions to meet customer requirements to enhance customer satisfaction. These activities may also include improving products and services to meet requirements and address future needs and expectations, correcting, preventing, or reducing undesired effects, improving the performance and effectiveness of the Information Security Management System and investigating and correcting non-conformance.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

More Information

Our Standards

Candy Box

Request a Call Back

Get In Touch