ISO 27001:2013
Information Security Management System
Standard brief
The ISO/IEC 27001:2013 Information Security Management Systems standard ensures that organizations keep their information assets secure by building an information security infrastructure that addresses the risks of loss, damage or any other threat to those assets. Companies that obtain ISO/IEC 27001 certification validate that the security of financial information, intellectual property, employee details and information entrusted to them by third parties is being successfully managed and continually improved according to best-practice approaches and a recognised framework.
Benefits
- Provides senior management with an efficient management process
- Provides you with a competitive advantage
- Reduces costs by minimizing incidents and threats
- Demonstrates compliance with customer, regulatory and/or other requirements
- Sets out areas of responsibility across the organization
- Communicates a positive message to staff, customers, suppliers and stakeholders
- Integrates business operations with information security
- Aligns information security with the organization's objectives
- Delivers real value by enhancing marketing opportunities
Concepts
Technical controls are primarily implemented in information systems, using software, hardware and firmware components added to the system, e.g. backups, antivirus software, etc.
Organizational controls are implemented by defining rules to be followed, and expected behaviour from users, equipment, software, and systems. E.g. Access Control Policy, BYOD Policy, etc.
Legal controls are implemented by ensuring that rules and expected behaviours follow and enforce the laws, regulations, contracts, and other similar legal instruments that the organization must comply with. E.g. NDA (non-disclosure agreement), SLA (service level agreement), etc.
Physical controls are primarily implemented by using equipment or devices that have a physical interaction with people and objects. E.g. CCTV cameras, alarm systems, locks, etc.
Human resource controls are implemented by providing knowledge, education, skills, or experience to persons to enable them to perform their activities in a secure way. E.g. security awareness training, ISO 27001 internal auditor training, etc.
Let's Work Together
European Assessment and Certification Ltd.
19, Layton Crescent, Slough, SL38DP, UK.
Company Number 12819256
+44 7471 048859
info@e-ac.uk