ISO 27001 Overview

Information is critical to the operation of all businesses. Being certified to ISO/IEC 27001 will help you to manage and protect your valuable information assets.

ISO/IEC 27001 is an auditable standard, which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate security controls.

This helps you to protect your information assets and give confidence to your customers and suppliers. The standard has a process for establishing, implementing, monitoring, reviewing, documenting and improving your ISMS.

Management Requirements:

  • Systematically examine the organisation's information security risks, taking account of the threats, vulnerabilities and impacts;
  • Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
  • Adopt an overarching management process to ensure that the information security controls continue to meet the organisation's information security needs on an ongoing basis.

Who is it relevant to?

ISO/IEC 27001 is suitable for any business, large or small, in any sector. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors.

ISO/IEC 27001 is also highly effective for businesses who manage information on behalf of others, such as IT outsourcing companies: it can be used to assure customers that their information is being protected.


  • Demonstrates the independent assurance of your security systems
  • Independently demonstrates that applicable regulations and compliance are observed
  • Provides a competitive edge by meeting contractual requirements and demonstrating to your customers that the security of their information is taken seriously
  • Independently verifies that your business risks are properly identified, assessed and managed, and that information security processes and procedures are documented
  • Proves your senior management's commitment to the security of its information
  • The regular assessment process helps you to continually monitor your performance and improve

Our Approach:

  • Fully tailored preparation for ISO audits. Our strengths are to quickly understand your business and the issues that affect you.
  • We can provide risk assessments and security audits to assess your current position.
  • We are a specialist security consultancy and we do not provide standard “off the shelf” software to scan networks. Our philosophy is to offer meaningful audits with meaningful reports, with roadmaps that outline the current position along with future requirements.


Please call 01993 623 010 to find out how your company can benefit from our ISO 27001 service or e-mail requesting more information.