ISO 27001 is an internationally recognised standard for information security
management. It is relatively new, having first been published in 2005, which is
why the current version is known as ISO 27001:2005. The standard applies
to organisations that wish to assess their information security risks and
implement ways of addressing them.
This page covers information regarding our ISO 27001 certification
service as well as the history of the standard itself.
The ISO/IEC 27000 series consists of information security standards
published by the International Standards Organisation (ISO) and the
International Electrotechnical Commission (IEC). The series is designed to
give best practice recommendations on information security management,
including risks and controls, within the context of an overall Information
Security Management System (ISMS), in a similar way to the management
systems for quality assurance (ISO 9000) and environmental protection
(ISO 14000).
There are seven published standards within the ISO 27001 family, with
ISO 27001 being the standard organisations can be certified to. ISO 27001
can be traced back to British Standard 7799, which was published in 1995.
It was originally written by the DTI and, after several revisions, ISO
adopted it as ISO/IEC 17799.
There was a second part to BS 7799 which covered the implementation of an
ISMS; this part is what became ISO 27001 in November 2005. In the same year
that ISO 27001 was published, a third part of BS 7799 was released. This
covers risk analysis and management, aligning with the ISO 27001 standard.
The basic objective of the standard is to help establish and maintain an
effective information security management system, using a continual
improvement approach. It implements OECD (Organisation for Economic
Cooperation and Development) principles governing the security of
information and network systems.
Most organisations want ISO 27001 certification to qualify for a tender
or to achieve preferred supplier status, typically for a Local Authority.
However, there are many other benefits that can be added to these,
including:
1. Better management of information security risks, now and in the future
2. Increased access to new customers and business partners
3. Demonstration of legal and regulatory compliance
4. Potential for reduced public liability insurance costs
5. Overall cost savings (reduced errors and re-work)
In addition, ISO 27001 is designed to be compatible with other management
system standards such as ISO 9001 (Quality), ISO 14001 (Environment) and
OHSAS 18001 (Occupational Health & Safety). All or any combination of these
complementary standards can be integrated seamlessly. They share many
principles, so choosing an integrated management system can provide you
with outstanding value for money. If you would like an integrated
management system, comprising all or a combination of standards, simply
let us know your requirements and we will work with you to develop the
right solution for your needs.
STEP 1: Preparation
Realistically, if you are new to the ISO 27001 standard, then you are
going to need some guidance. Once contact is made, we'll discuss your
requirements with you and suggest the solution that best suits your needs.
After assessing your needs we will give you a fixed price quotation so that
you know exactly how much your registration will cost. Your quotation will
be based upon your company profile and an assessment of your needs. To get
the ball rolling, simply call us on 0800 404 7007 or email us an enquiry.
STEP 2: Application
Once you decide to go ahead, we'll assign a Lead Assessor to you. He or
she will be your principal contact throughout the registration process and
beyond. They will build up detailed knowledge of your business and will be
able to answer any question you may have.
STEP 3: Pre-Audit Assessment (known as Stage 1)
Your Lead Assessor will visit you to explain the standard and undertake
a gap-analysis of your current arrangements for information security management. You
will then receive a detailed report including any required actions.
Together, you will then determine the appropriate timetable for your Audit
Assessment. Many organisations benefit from a pre-assessment ‘dry run’ and
your Lead Assessor will be able to discuss this with you.
STEP 4: Audit Assessment (known as Stage 2)
Once you are ready for your formal Audit Assessment, your Lead Assessor
will make the required arrangements for you. On completion, you will be
informed of the Auditor's recommendation before he or she leaves your
premises.
STEP 5: Registration & Certificate
Following the independent Auditor's recommendation, your registration
will be formally confirmed. Soon after, your certificate of conformity to
the ISO 27001 standard will be issued and sent to you.
STEP 6: Continual Assessment
Having achieved certification, you will want to maintain your
registration and your Lead Assessor will remain on hand to undertake the
required annual reviews to ensure you continue to meet the requirements of
the ISO 27001 standard.
OUR CREDENTIALS
Our reputation was established in 1969 as a division of Salford
University Business Services. In 1997 the Secretary of State for Trade
and Industry approved use of the word 'British' in our corporate title
in recognition of our pre-eminent
status. All of our assessors and auditors are professionally trained and
have a business background, so you can count on their practical and
business-friendly approach. Our client portfolio is a good mix of public
and private sector organisations, as well as institutes, charities and trade bodies.
Our pre-eminent status is your guarantee of quality and we have been a
recognised Investor in People since 1999. Please visit the References page
to view past and existing clients.
We like to provide our clients with a fixed price because we know that
day rates have a habit of going over budget! We will calculate the cost
of your pre-assessment based on the size of your organisation, e.g. annual
turnover, the number of sites you have, the number of employees, etc.
In all cases, we will provide you with a fixed price quotation. To obtain
your fixed price ISO 27001 quotation, please call us Monday to Friday
between 09:00 and 17:30, or use the Quotation Form.
Remember, we have a Price Match Promise! We will not be beaten on any
like-for-like quote.