paint texture

What is ISO - 27001?

Need to understand what ISO – 27001 is? An overview of the main things you need to know can be found here.

Help & Support

Resource Center
How to use Risk Factory
Ask our Risk Expert
FAQs
What is ISO 27001?
What is PCI?
What is DPA?
Ringing Phone Icon paint texture

Need some help?

Speak to an expert. Contact our “Factory Foreman” and he can answer any questions you may have.

Call us on:
0800 978 8139
Contact Us

Need more information?

Browse through our factory foreman’s hand-picked resources.
View our resources

Seen our inventory?

Have a look at our full range of services to sort your governance, risk & compliance needs.
View our services
What is ISO – 27001

In a nutshell:

ISO 27001 is the standard created by the International Organization for Standardization (ISO) for implementing an Information Security Management System (ISMS) to protect business information. What’s an ISMS? It’s a framework for managing information security risks.

The standard outlines a system to identify and examine any security risks to the information your business processes and establish policies to manage those risks. The intention is to get you to design, implement, maintain and continually improve a set of controls and measures to manage any threats to your information assets. Do you know what your information assets even are?

The idea behind ISO 27001 is that you become a proactive business, not a reactive one. Planning ahead means you aren’t at risk of any threats that could prove, at best, embarrassing or, at worst, put your business at great risk, be it from legal, reputation or financial repercussions. Find out more about ISO 27001.

The standard also provides assurance, that your processes are current and effective. Improved processes are a massively underrated benefit of implementing ISO 27001. As your business grows, confusion regarding access, authorisation and accountability escalates. Consequently, implementing the standard can help you become a more productive business. It is written in a clear and direct language using a “plan-do-act-check cycle” that will ensure you can not only establish, but maintain a level of security appropriate to protecting your information assets.

Because it is well recognised, ISO 27001 is particularly credible when tendering for work. Within the public sector, information security is deemed essential, so following such an internationally-recognised standard could be the difference between winning and losing that vital contract. In fact, ISO 27001 gives an overall marketing edge against your competitors. Of course, it’s not all about winning new business, it’s just as important to be able to retain existing clients. Adding another string to your bow gives another reason for clients to stay with you.

But finally, and of course most importantly, ISO 27001 provides a proven framework for any business, regardless of industry, size or location to identify, minimise and manage the security risks to their sensitive data. It demands that you customise procedures to meet your existing business processes and objectives. This is what information security is all about.


Please consider updating your browser

This website has been designed using modern web technologies which unfortunately, are not supported by your browser. This means that many parts of the site will not function as intended.