ISO 27001, the international information security standard
What is ISO 27001?
ISO 27001 (formally known as ISO/IEC 27001:2013) is the international standard that provides the specification for a best-practice information security management system (ISMS).
It is one of the most popular information security standards in the world, with certifications growing by more than 450% in the past ten years.
The Standard’s framework is designed to help organisations manage their security practices in one place, consistently and cost-effectively. It is technology and vendor neutral and is applicable to all organisations irrespective of their size, type or nature.
ISO 27001 enables compliance with a host of laws, including the NIS Regulations (Directive on security of network and information systems) and the EU GDPR (General Data Protection Regulation).
While ISO 27001 offers the specification, the Standard is supported by its code of practice for information security management, ISO/IEC 27002:2013.
What is an ISMS?
An ISMS is a systematic approach consisting of processes, technology and people that helps you protect and manage all your organisation’s information through effective risk management.
Organisations that implement an ISMS will be able to secure information in all its forms, increase their resilience to cyber attacks, adapt to evolving security threats and reduce the costs associated with information security.
To find out more about what an ISMS is, download our free information security management system (ISMS) PDF.
ISO 27001 benefits
Protect your data, wherever it lives
An ISO 27001-compliant ISMS helps protect all forms of information, whether digital, paper-based or in the Cloud.
Reduce costs associated with information security
Thanks to the risk assessment and analysis approach of an ISMS, organisations can reduce costs spent on indiscriminately adding layers of defensive technology that might not work.
Increase your attack resilience
Implementing and maintaining an ISMS will significantly increase your organisation’s resilience to cyber attacks.
Respond to evolving security threats
Constantly adapting to changes both in the environment and inside the organisation, an ISMS reduces the threat of continually evolving risks.
Improve company culture
The Standard’s holistic approach enables employees to readily understand risks and embrace security controls as part of their everyday working practices.
Learn more about the benefits of ISO 27001 certification >>
How to implement an ISO 27001 compliant ISMS
Implementing an ISO 27001-compliant ISMS will include the following key elements:
- Scope the project
- Get board commitment and secure budget
- Identify interested parties, and legal, regulatory and contractual requirements
- Conduct a risk assessment
- Review and implement the required controls
- Develop internal competence
- Develop management system documentation
- Conduct staff awareness training
- Measure, monitor, review and audit the ISMS
- Get certified
Discover our ISO 27001 implementation checklist and solutions >>
Ready to simplify your security? Let’s get started
Having led the world’s first ISO 27001 certification project, we are the global pioneers of the Standard. Let us share our expertise and support you on your journey to ISO 27001 compliance.
Browse our range of best selling products and services.
How IT Governance can help you
- Our implementation methodology has been honed over 15+ years.
- We are known as global authorities of ISO 27001 - our management team led the world’s first ISO 27001 certification project (formerly known as BS 7799).
- We offer everything you need to implement an ISO 27001-compliant ISMS – you don’t need to go anywhere else.
- You are assured of a 100% guarantee of successful certification (provided you follow our advice!).
- You benefit from real-world practitioner expertise, not just academic knowledge.
- We have trained more than 7,000 professionals on ISO 27001 implementations and audits worldwide
- We’ve helped more than 600 consultancy clients achieve certification and compliance to ISO 27001.
- We have a proven and pragmatic approach to assessing compliance with international standards, no matter the size or nature of your organisation.
- Our pricing and proposals are completely transparent, so you won’t get any surprises.
- We can help small organisations prepare for ISO 27001 certification in 3 months.
Speak to an expert
One of our qualified ISO 27001 lead implementers are ready to offer you practical advice about the best approach to take for implementing an ISO 27001 project and discuss different options to suit your budget and business needs.