ISO 27001 Certification
ISO 27001 is a set of security standards developed by the International Standards Organisation and formally specifies a management system (ISMS) that is intended to bring information security under explicit management control. Organisations that claim to have adopted ISO 27001 can be formally audited and certified compliant with the standard.
The benefits of ISO 27001 are significant and easily outweigh the cost of having a professional information management system. The Return on Investment can be much more attractive than most business growth initiatives, especially if an organisations survival is dependent on having an ISMS that stakeholders can trust or it’s required to meet a regulation.
The 14 controls of ISO 27001
ISO 27001 requires in depth information security measures to be in place, which when implemented correctly, will significantly reduce the level of vulnerability to external cyber-attacks.
- A.5 Information security policies – controls on how the policies are written and reviewed
- A.6 Organization of information security – controls on how the responsibilities are assigned; also includes the controls for mobile devices and teleworking
- A.7 Human resources security – controls prior to employment, during, and after the employment
- A.8 Asset management – controls related to inventory of assets and acceptable use; also for information classification and media handling
- A.9 Access control – controls for the management of access rights of users, systems and applications, and for the management of user responsibilities
- A.10 Cryptography – controls related to encryption and key management
- A.11 Physical and environmental security – controls defining secure areas, entry controls, protection against threats, equipment security, secure disposal, Clear Desk and Clear Screen Policy, etc.
- A.12 Operational security – lots of controls related to the management of IT production: change management, capacity management, malware, backup, logging, monitoring, installation, vulnerabilities, etc.
- A.13 Communications security – controls related to network security, segregation, network services, transfer of information, messaging, etc.
- A.14 System acquisition, development and maintenance – controls defining security requirements, and security in development and support processes
- A.15 Supplier relationships – controls on what to include in agreements, and how to monitor the suppliers
- A.16 Information security incident management – controls for reporting events and weaknesses, defining responsibilities, response procedures, and collection of evidence
- A.17 Information security aspects of business continuity management – controls requiring the planning of business continuity, procedures, verification and reviewing, and IT redundancy
- A.18 Compliance – controls requiring the identification of applicable laws and regulations, intellectual property protection, personal data protection, and reviews of information security
Help with ISO 27001
Plexure UK can help your business get ready for ISO 27001 Certification including pre-audit checks and gap analysis.
Gap Analysis
An ISO 27001 gap analysis provides a high-level overview of what needs to be done to achieve certification and enables you to assess and compare your organisation's existing information security arrangements against the requirements of ISO 27001.
Improve existing controls
You might have existing policies and procedures in place but perhaps these are outdated or missing requirements set out in new laws, legislation.
Introduce missing controls
If you are missing any controls of ISO 27001, this would be a major non-conformity and likely result in an audit failure. Identifying missing controls will help you pass audit and gain ISO 27001 certification.
Gain Certification with Plexure UK
Although Plexure UK are not a Certification Body for ISO 27001, we do have an ISO 27001 Certified Lead Auditor who can help you get ready for certification.
⦿ Professional Service
⦿ Expert Advice
⦿ Reliable and Affordable Service
© 2020 All rights reserved. Plexure UK Ltd. Registered UK Company No. 06458567 and VAT Registered No. 351827788