ISO 27001 Information Security Management System


There are numerous ways an organisation can protect against cyber-crime. Choosing an internationally recognised standard that provides an auditable method of monitoring, protecting and managing information is one option. Achieving ISO 27001 certification provides a framework of policies and procedures that will help prevent a security breach and limit the impact of a cyber-attack. Using experienced consultants, you will be guided through the process, identifying any risks and tailoring the management process to your individual requirements. This will help to keep costs and disruption to a minimum should an incident occur. Other benefits include:

Customers and business partners will have more confidence in your ability to keep their information safe.

Continuity of supply following an attack.

More reliable systems for storage of information.

ISO 27001 provides for a regular auditing procedure so you can continually improve your processes and keep up to date with the latest security measures to stay one step ahead of the criminals.

This is not the first time we have written about the vulnerability of businesses to cyber-attacks, and the latest government survey does nothing to allay those fears. Though the statistics show that incidents of cyber-crime have reduced slightly, the costs of dealing with these breaches have almost doubled. The following statement has been taken from the 2010 to 2015 government policy paper published 7th May 2015.

“81% of large corporations and 60% of small businesses reported a cyber-breach in 2014. With the cost for the worst cyber-security breach estimated between £600,000 to £1.15 million for large businesses and £65,000 to £115,000 for smaller ones, the government must look at new ways to protect businesses and make the UK more resilient to cyber-attacks and crime.”

Businesses affected by cyber crime

There have been some high profile cases:

eBay: Hackers managed to access an eBay corporate account to gather users’ personal information.

JP Morgan Chase: A neglected server provided access to contact details for its account holding customers.

Home Depot: Payment systems were infected with malware that allowed hackers to steal credit card details.

Employees’ responsibility

It is not just about server access; employees are much more mobile these days and carry around company information on laptops and mobile phones. Data is stored on removable media which can be copied or lost. Malware can infect company computers and mobile phones. To protect against these risks, you will need to establish policies to ensure employees know what they should and shouldn’t do.

So for a review of your data security and implementation of the ISO 27001 system, call us on 07900 558547.