What is an ISMS?
An ISMS is a systematic approach to securing corporate information assets.
It consists of policies, procedures and other controls involving people, processes and technology.
To find out more about what an ISO 27001 information security management system is, download our free infographic.
ISO 27001 and risk management
Risk management forms the cornerstone of an ISO/IEC 27001 information security management system. Every ISO 27001 project relies on regular information security risk assessments to determine which security controls to implement and maintain.
The Standard defines its requirements for the risk management process, including risk assessment and risk treatment, in Section 6.1.2.
ISO 27001 benefits
Recognised all around the world, ISO 27001 is one of the most popular information security standards in existence. The number of certifications has grown by more than 450% in the past ten years.
Implementing ISO 27001 helps you meet the information security requirements of laws such as the EU GDPR (General Data Protection Regulation) and the NIS Regulations (Network and Information Systems Regulations). This helps reduce the costs associated with data breaches.
Demonstrating GDPR compliance with ISO 27001 and ISO 27701
ISO/IEC 27701:2019 (ISO 27701) is an extension to ISO 27001, which expands its requirements to cover privacy management – including the processing of personal data/PII (personally identifiable information).
Implementing both ISO 27701 and ISO 27001 will enable you to meet the EU GDPR’s requirement for “appropriate technical and organisational measures” – as well as help you comply with many other data protection regimes.
How to implement an ISO 27001-compliant ISMS
Implementing an ISO 27001-compliant ISMS involves:
- Scoping the project
- Securing management commitment and budget
- Identifying interested parties and legal, regulatory and contractual requirements
- Conducting a risk assessment
- Reviewing and implementing the required controls
- Developing internal competence
- Developing the appropriate documentation
- Conducting staff awareness training
- Continually measuring, monitoring, reviewing and auditing the ISMS
Ready to simplify your security? Let’s get started
Having led the world’s first ISO 27001 certification project, we are the global pioneer of the Standard. Let us share our expertise and support you on your journey to ISO 27001 compliance.