ISO 27001 Certified Information Security Management System

Security is our business.  It therefore stands to reason that we should ensure that we adopt an appropriately rigorous control regime when it comes to protecting our own, and importantly, our clients’ information.

We have been independently assessed and certified as meeting the exacting requirements of ISO 27001 for our Information Security Management System (ISMS). The assessment, carried out by an accredited certification body, provides evidence to our customers, suppliers, employees and partners of our 100% commitment to securing the critical information assets that we hold; both our own and those of our clients. We have also demonstrated the commitment throughout the company to ongoing and continuous improvement. It provides evidence of the existence of an effective ISMS that satisfies the international standard, ISO 27001.

ISO 27001

ISO 27001 is the internationally recognised standard for managing information security in an organisation.

ISO 27001 demonstrates that an organisation has risk management processes and appropriately rigorous controls in place to protect the confidentiality, integrity and availability of its critical information assets. An important element of implementing ISO 27001 is the commitment of management and staff to not just maintaining, but also continuously improving the organisation’s security management and controls. An Information Security Management System independently certified as meeting ISO 27001 provides a high level of confidence that the organisation’s intellectual property, sensitive data, and personal information are protected and that the valuable customer and supplier records whose care is entrusted to the organisation are similarly secured.

It covers all processes within an organisation that control the way they do business and produce and deliver their products and services. It prescribes and ensures systematic control of all an organisation’s activities that are directed towards delivery of their product or service, ensuring their customer expectations and requirements are met. Also, importantly it mandates an organisation having formal processes for continuously monitoring and improving these processes. ISO 27001 is part of the ISO 27000 series and is the auditable standard in the ISO 27000 family.

The following 14 control objectives are covered by the ISO 27001 standard:

  • Information Security Policies
  • Organization of Information Security
  • Human Resources Security
  • Asset Management
  • Access Control
  • Cryptography
  • Physical and Environmental Security
  • Operations Security
  • Communications Security
  • Systems acquisition, development and maintenance
  • Supplier Relationships
  • Information Security Incident Management
  • Information Security aspects of Business Continuity Management
  • Compliance