Protecting information - your most valuable asset
Information is critical to the operation and perhaps even the survival of your organization. Being certified to ISO/IEC 27001 will help you to manage and protect your valuable information assets.
ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls.
This helps you to protect your information assets and give confidence to any interested parties, especially your customers. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving your ISMS.
Who is it relevant to?
ISO/IEC 27001 is suitable for any organization, large or small, in any sector or part of the world. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors.
ISO/IEC 27001 is also highly effective for organizations which manage information on behalf of others, such as IT outsourcing companies: it can be used to assure customers that their information is being protected.
Next steps
For further information please request a quote, view details of our training offerings or contact us
Registering your ISMS against ISO/IEC 27001 can bring the following benefits to your organization:
- Demonstrates the independent assurance of your internal controls and meets corporate
- governance and business continuity requirements
- Independently demonstrates that applicable laws and regulations are observed
- Provides a competitive edge by meeting contractual requirements and demonstrating to your customers that the security of their information is paramount
- Independently verifies that your organizational risks are properly identified, assessed and managed while formalizing information security processes, procedures and documentation
- Proves your senior management’s commitment to the security of its information
- The regular assessment process helps you to continually monitor your performance and improve
Note: these benefits are not realized by organizations who simply comply with ISO/IEC 27001 or the recommendations in the Code of Practice standard, ISO/IEC 17799.
Next steps
For further information please request a quote, view details of our training offerings or contact us
We are experts in training as well as assessment and have a network of public and in-house courses dedicated to teaching you the skills you need before, during and after registration to the standard.
From a one-day introductory course, to implementation training or lead auditor courses, our network of public and onsite training can help you at every stage of the process. Our experience of how organizations of all types and sizes relate to the standard is unequalled - and we can deliver the training you need for understanding, implementing, assessing and certifying your information security management system.
We offer a comprehensive program of training courses covering every aspect of ISO/IEC 27001 for:
Delegates who are new to ISO/IEC 27001 and Information Security Management Systems
- Courses in awareness, understanding and implementing a new system.
Delegates who need to audit & improve an existing system
- Courses in auditing, assessing and improving an existing system
Next steps
For further information please request a quote, view details of our training offerings or contact us
If you’re already one of our clients and have various standards in place, your Client Manager can help you assess where you are now, and guide you through to the registration process.
If you’re new to BSI, don’t worry: it’s still a simple process.
2. Choose the standard
Before you can begin preparing for your application, you’ll require a copy of the standard. You should read this and make yourself familiar with it.
You can buy ISO/IEC 27001 and ISO/IEC 17799 online from us.
2. Make contact
Get in touch and tell us what you need, so we can sort out the best services for you. We’ll then give you a proposal detailing the cost and time involved in a formal assessment.
3. Meet your assessment team
We’ll assign you a Client Manager, who will be your main point of contact through the process – and beyond. They’ll have an excellent understanding of your business area and will support you as you move forward to the assessment and registration of your information security management system.
4. Consider training
Whether you’re seeking to implement a management system or would like to increase your general awareness of the standard, there are a range of workshops, seminars and training courses available. Read more about training.
5. Review and assessment
We can do a desktop review of your existing information security management system against the standard, and identify any omissions or weaknesses that need resolving before formal assessment. Once these have been addressed, we’ll conduct a full on-site assessment.
6. Certification and beyond
Once the assessment has been successfully completed, we’ll issue a certificate of registration, clearly explaining the scope of your registration. The certificate is valid for three years, and your assessor will visit you regularly to help you make sure you remain compliant, and support you in the continual improvement of your systems.
Next steps
For further information please request a quote, view details of our training offerings or contact us
