ISO 27001:2013

Information Security Management System

Standard brief

ISO/IEC 27001:2013 is the international standard for Information Security Management Systems (ISMS). It sets out the requirements for establishing, implementing, maintaining and continually improving a risk-based management system that protects information assets against loss, damage, unauthorised disclosure and other threats. An organisation that obtains ISO/IEC 27001 certification has had its ISMS audited by an independent certification body, demonstrating that the security of financial information, intellectual property, employee details and information entrusted to it by third parties is managed and continually improved in line with a recognised framework. Certification attests that the management system is in place and operating as described; it does not certify individual products or guarantee that no security incident will occur.

Benefits of ISO 27001:2013

  • Gives senior management a structured, efficient process for managing information security
  • Provides a competitive advantage, particularly where customers require certified suppliers
  • Reduces costs by lowering the frequency and impact of security incidents
  • Demonstrates compliance with customer, regulatory and other contractual requirements
  • Sets out clear areas of responsibility across the organisation
  • Communicates a positive message to staff, customers, suppliers and stakeholders
  • Integrates information security with day-to-day business operations
  • Aligns information security with the organisation's objectives
  • Enhances marketing opportunities by giving customers independent assurance


The controls in an ISMS can be grouped by how they are implemented:

Technical controls are implemented in information systems, using software, hardware and firmware components added to the system, e.g. backups, antivirus software, encryption and logging.

Organisational controls are implemented by defining rules to be followed and the behaviour expected from users, equipment, software and systems, e.g. an Access Control Policy or a BYOD Policy.

Legal controls are implemented by ensuring that those rules and expected behaviours follow and enforce the laws, regulations, contracts and other legal instruments the organisation must comply with, e.g. NDAs (non-disclosure agreements) and SLAs (service level agreements).

Physical controls are implemented using equipment or devices that interact physically with people and objects, e.g. CCTV cameras, alarm systems and locks.

Human resource controls are implemented by giving people the knowledge, education, skills or experience they need to perform their activities securely, e.g. security awareness training and ISO 27001 internal auditor training.

This grouping is a practical way of describing the controls rather than the standard's own structure: ISO/IEC 27001:2013 lists its reference controls in Annex A and requires each organisation to select controls on the basis of its own risk assessment, recording the inclusions and exclusions, with justification, in a Statement of Applicability.

ISO Certification

ISO 9001:2015

Quality Management Systems for organisations of all sizes in all sectors.

ISO 14001:2015

Environmental Management Systems to ensure minimal environmental impact.

ISO 45001:2018

Occupational Health and Safety Management Systems for the safety of people.

ISO 22000:2018

Food Safety Management Systems to ensure safe food practices for your customers.

ISO/IEC 27001:2013

Information Security Management Systems for securing your organisation's information.

ISO/IEC 20000-1:2018

Information Technology Service Management Systems to support the smooth delivery of IT services.

ISO 13485:2016

Medical Devices Quality Management Systems to ensure the quality of medical products.

ISO/IEC 17025:2017

Requirements for Testing and Calibration Laboratories to demonstrate competent operation.

ISO 50001:2018

Energy Management System framework to manage and reduce energy use and costs.

Let's Work Together

European Assessment and Certification Ltd.
19, Layton Crescent, Slough, SL38DP, UK.
Company Number 12819256

+44 7471 048859
