ISO 27001 and Information Security

ISO/IEC 27001 (ISO 27001:2013) is the international Standard that describes best practice for an information security management system (ISMS). Accredited certification to ISO 27001 demonstrates that an organisation is following international information security best practices.

This page explains what ISO 27001 is and links to the products that will help your organisation when approaching an ISO 27001 implementation project, including our four packaged solutions.

On this page

What is an Information Security Management System (ISMS)?
ISO 27001:2013
Free ISO27001 green papers
ISO 27001 and the UK Government’s Cyber Essentials scheme
ISO 27001 – a framework for compliance
ISO 27001 solutions

What is an information security management system (ISMS)?

An Information Security Management System (ISMS) is 'a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's information security to achieve business objectives' (ISO/IEC 27000:2014).

It encompasses people, processes and technology, recognising that information security is not just about antivirus software, implementing the latest firewall or locking down your laptops or web servers. The overall approach to information security should be strategic as well as operational, and different security initiatives should be prioritised, integrated and cross-referenced to ensure overall effectiveness.

An ISMS helps you coordinate all your security efforts (both electronic and physical) coherently, consistently and cost-effectively.

ISO 27001:2013

ISO 27001, alongside its companion code of practice, ISO/IEC 27002, sets out the specification for an information security management system (ISMS). The newest version of the Standard is ISO/IEC 27001:2013, which supersedes ISO/IEC 27001:2005.

The International Accreditation Forum (IAF) has announced that, as of 1 October 2014, no more accredited certificates to ISO 27001:2005 will be issued. From that date, certification bodies may only issue certificates to the new version of the Standard, ISO 27001:2013.

The deadline for certification bodies (CBs) to transition from ISO 27001:2005 to ISO 27001:2013 has been set as 1 October 2015 by the IAF. Once transitioned, CBs will look to transition their clients promptly, and will carry out transition audits at their next scheduled surveillance visits.

If your ISMS is currently certified to the 2005 version of ISO 27001, then you need to act now to comply with the requirements of the 2013 version of the Standard. See our Transition Resources information page for further guidance.

For all new product and service offerings related to ISO 27001:2013, please visit the ISO 27001 shop.

Free ISO 27001 green papers

We have published several authoritative green papers on ISO 27001. Click on the link below and download them for free today:

ISO 27001 and the UK Government’s Cyber Essentials scheme

The Cyber Essentials scheme is a key deliverable of the UK Government’s National Cyber Security Strategy/Cyber Programme, and was released on 7 April 2014. It aims to provide reassurances about cyber risk management to UK-based organisations, clients and partners, and to ensure that risk management practices have been independently tested and verified, where relevant.

The scheme provides a set of controls, based on ISO 27001, that organisations can implement to achieve a basic level of cyber security. Organisations can attain certification to two levels: Cyber Essentials and Cyber Essentials Plus. Certified compliance with the scheme will be required in certain government procurement contracts. Read more about ISO 27001 and the Cyber Essentials scheme.

ISO 27001 – a framework for compliance

ISO 27001 can help organisations create a framework for compliance with many regulatory standards, including:

  • Telecommunications Regulations Act 1998
  • Data Protection Act 1998
  • Computer Misuse Act 1990
  • The Human Rights Act 1998
  • The Regulation of Investigatory Powers Act 2000
  • The Copyright, Designs and Patents Act 1998
  • The Freedom of Information Act 2000 (public sector).

For more information on the benefits of ISO 27001, see our page on the benefits of ISO 27001.

ISO 27001 solutions

We have created four packaged solutions that will enable you to implement ISO 27001 at a speed and on a budget that are appropriate for your individual needs and preferred project approach.

Each fixed-price solution is a combination of products and services that can be accessed online and deployed by any company in the world.

Find out more about our ISO 27001 packaged solutions and which one is right for you.
