ISO27001 is the answer to cyber security, says IT Governance’s CEO


Ely, England, 6 February 2012 – While the European Commission is tightening the data protection requirement and the UK and US Governments are shaping their cyber security strategies, organisations should be taking all the necessary measures to ensure their information is secure.

Alan Calder, CEO of IT Governance, says, “If you want a single solution to cyber security, you have to think ISO27001. ISO27001 is the international information security standard providing guidance for developing an information security management system (ISMS) that takes into account business and legal or regulatory requirements and contractual security obligations. If it is understood and implemented correctly, ISO27001 can serve as the most powerful weapon against cyber crime.”

“A cyber breach can lead to a cyber storm of destruction of corporate reputation and regulatory punishment. Shareholders are likely to take action for negligence,” continues Calder. “Moreover, organisations will have to reckon with the cost of compensation to customers and everyone else affected. They will have to pay the cost of remediation and put in place the systems that they should have had there in the first place. And if they had had them, they wouldn’t have had to pay the high price for the rest.

“Therefore, ISO27001 certification is increasingly adopted as best-practice information security management by larger organisations and governments around the world. ISO27001 compliance can give organisations and their employees peace of mind, and it sends a very positive message to their shareholders and customers.”

Obtaining an ISO/IEC 27001 certification, like other ISO management system certifications, usually involves a three-stage audit process:

· Stage 1 is a preliminary, informal review of the information security management system (ISMS).

· Stage 2 is a more detailed and formal compliance audit, independently testing the ISMS against the requirements specified in ISO/IEC 27001.

· Stage 3 involves follow-up reviews or audits to confirm that the organisation remains in compliance with the standard.

The ISO/IEC 27001 consultancy service provided by IT Governance uses methodologies and tools that have been developed and honed over 10 years, ever since the company’s CEO Alan Calder and Steve Watkins, Director at IT Governance, led the world’s first successful certification to BS7799, the forerunner of ISO 27001. IT Governance has supported more than 100 clients from various sectors through successful ISO27001 certification projects.

IT Governance also provides an ISO27001 Feasibility and Gap Analysis consultancy service, which is essential for anyone considering an ISO 27001 implementation project.

You can also e-mail IT Governance at  or telephone +44 845 070 1750 to find out, free of obligation, what would be involved in achieving ISO27001 certification for your organisation.
