Data is one of the most valuable assets any business has today. Our dependence on information systems and services means organisations are more vulnerable to security threats than ever before. Keeping your data secure – whether its customer, staff or supplier data – is critical in most businesses, but most especially those dealing with sensitive data. Data security is a hot topic in the media so ISO 27001 not only protects your business against hackers but also safeguards your reputation.
Many of our clients are blue chip organisations that need confidence in their suppliers’ security processes, for example, if we’re emailing sensitive blueprints and plans on new projects, they want to know we’re doing whatever it takes to protect their data. While we already operate to many of the standard’s requirements, securing ISO 27001 helps maintain their trust and win the trust of new clients.
Dawn Clempson, Murray & Willis
What is ISO 27001?
ISO 27001 sets out the requirements of information security management systems. It is part of the ISO 27000 family of standards relating to information and cyber security and offers a comprehensive set of controls, based on best practice in information security.
Similar to the other management standards, it is suitable for organisations of all sizes. 70% of small businesses believe they are not a target for any data theft or misuse; it is a problem for either larger businesses or only those in the financial sector – this is simply not true.
Any business holding data on individuals or companies can be a target for fraud, theft, misuse or abuse, resulting in a long lasting loss of reputation and if a company’s systems are found negligent at keeping data secure, then it can result in prosecution.
Every business believes they have insurance to cover eventualities such as fraud and theft, but they don’t realise they also owe a duty of care which if not exercised can lead to any insurance claim being declined.
ISO 27001 helps organisations to treat data security seriously, putting in systems and processes to guard against the risk of security breaches or misuse of data. It works with your business and the kind of data it holds, whether that is bank account details, staff records, passwords, or client confidential information.
How will ISO 27001 help my business?
At the most simple level it will give your clients and suppliers the confidence to trust your organisation with the safe keeping of their data. It demonstrates corporate due diligence and shows compliance with regulatory and contractual requirements regarding data security, privacy and IT governance.
In common with the other management standards ISO 27001 is not a one-off exercise. Regular audits ensure your organisation continues to meet its obligations regarding data security and keeps your staff focused on the importance of complying with standards.
Why do I need certification?
Independent audit is a critical part of the ISO concept as it adds objectivity and credibility into the process. Self-regulation is critical for the ongoing success of any ISO, but it is independent audit that proves without a doubt that the ISO standard has been properly embedded throughout your organisation.
How does my business gain ISO 27001 certification?
Most businesses start their ISO journey with 9001 as this puts into place quality management systems and processes which can be further developed to incorporate data security or other standards.
The certification process is very similar to ISO 9001, working on the principles of:
“Say What It Does” – document day to day operating procedures and systems
“Do What It Says” – work in accordance with those procedures and systems
“Prove It” – with a certification audit which confirms, from records, that the procedures and systems meet the requirements of ISO 27001 and are operated in accordance with the standard.
How can IMSM help my business gain ISO 27001 certification?
Our experienced assessors work with the systems and processes in your business, to ensure the implementation of ISO 27001 really does fit the way your organisation uses its data. With a fixed fee and flexible approach, our assessors are focused on making standards work in your business.
Find out more!
Read about the Impact ISO 27001 has had in other businesses
Find out about our approach to making it simple, with our simple steps to ISO certification
Read about the IMSM difference and our experienced assessors
Take the next step, and meet an assessor for a no obligation assessment of your businesses needs
How are other businesses using ISO 27001:2013 to their advantage?
Dawn Clempson, HR and Training Manager, Murray & Willis
IMSM has become an invaluable part of the Murray & Willis team. “We have a great relationship with our Assessor from IMSM. They understand how we work and they are only an email away if we have any questions. Our Area Manager from IMSM, has also been exceptional, sourcing a lot of background information for me. They know exactly how to tie everything together.