All companies hold information of some kind, from marketing data and accounts data to end-user information, but how do you protect it all? ISO 27001 is the international standard for information security. It sets out what an Information Security Management System (ISMS) should look like, covering organisational context, leadership, planning and so on.
ISO 27001 follows the "Annex SL" structure common to all new ISO management system standards, built around the "Plan, Do, Check, Act" cycle. Where it differs from the other standards is Annex A: a list of 114 controls (in the 2013 edition) to help you manage risks to your organisation's information security. These range from HR controls, documented policies and anti-virus to physical security controls, to name but a few. Annex A can be tricky to navigate, but ISM can help you plan, implement, audit and get your business certified to ISO 27001, helping you win new business and protect your information.
The Scary Part...
Companies often want ISO 27001 to grow or to win contract tenders that require some form of information sharing. Others want to demonstrate best practice, or have already been fined by the Information Commissioner's Office (ICO) for an information security breach. Under the Data Protection Act (DPA) the ICO can fine a business up to £500,000; under the General Data Protection Regulation (GDPR), which applies from May 2018, that rises to up to €20 million or 4% of global annual turnover, whichever is higher, for failing to comply. Even if you don't need or want 27001, the ICO has set out best practices for protecting your data (check out its website), or even better, contact us for help.
There is hope!
Most forward-thinking companies are already good at protecting the confidentiality, integrity and availability of their information, but would like help making sure they have properly understood the risks. ISM offers a bespoke package to help your organisation achieve its goals and protect your company information.