What is ISO 27001?

ISO 27001 is the internationally recognised Standard for Information Security.

How does it work?

It sets out the policies and procedures you need to protect data and manage sensitive information. ISO 27001 helps you identify, prevent and address risks – so you can demonstrate that your business has the systems and controls in place to combat any threats to your data integrity.

  • Confidential information is kept secure
  • You gain a competitive advantage
  • Customers and stakeholders gain confidence in how you manage risk
  • Customer satisfaction increases, which improves client retention
  • Your legal obligations are met

    How does ISO 27001 do this?

    You may already have a number of information security controls in place.

    However, making sure everybody is aware of your policies, and that everyone follows them in the same way, can sometimes be difficult to manage.

    With the ISO 27001 Standard, you will have a robust framework to help you define, document, monitor and review, and update your security controls, ensuring they’ll be implemented consistently.

    How do I implement ISO-27001?

    • Define and implement an ISO 27001-compliant Information Security Management System (known as the ISMS)
    • Define the scope of the ISMS
    • Define a security policy, along with associated ISMS Policies
    • Conduct a risk assessment
    • Manage identified risks
    • Select control objectives and controls to implement and prepare a Statement of Applicability.

    What is an ISMS (Information Security Management System)?

    • An Information Security Management System describes and demonstrates your organisation’s approach to Information Security. It includes how people, policies, controls and systems identify, then address, the opportunities and threats revolving around valuable information and related assets. It is worth reinforcing that for ISO 27001 success, certainly for an independent certification, you need to implement and maintain a ‘management system’. The clue really is in the title, and the components of a winning ISMS are described further below.

    What does ISO 27001 cover?

    • It’s worth noting that ISO 27001 is designed to cover much more than just IT. An important part of the Standard concerns data security across all areas of your business, from the screening of new employees to determining the actions needing to be taken when they leave.
