The latest version of ISO 27001 was published at the end of October 2022. HPA is looking forward to enabling clients to achieve certification to the new version.
HPA have helped over 4,000 companies get registered to ISO Management System Standards and we can help you too.
Low cost and certification guaranteed
For a low-cost fixed price, we provide:
- Interest free payments for up to 12 months
- A full service, including design, documentation, implementation support, training and a preliminary audit
- Certification by an independent UKAS accredited assessment body
- Help to get you a Government grant (where available)
- A guarantee: we will support you until you achieve certification at no extra cost
What is ISO 27001?
ISO 27001 is an Information Security Management System (ISMS) standard which specifies how information security is managed. It is applicable to every type of organisation. Published in October 2005 by the International Organisation for Standardisation (ISO), the standard is not restricted to electronic records but includes written and all other forms of information storage and distribution. It ensures that access to any information is appropriately authorised and access is available to those who are authorised. It also helps preserve its integrity by assessing its accuracy and completeness.
What are the benefits of ISO 27001?
Depending on the nature of the organisation the benefits of ISO 27001 can include reducing the risk of costly information leaks, particularly commercially sensitive information. It can also provide an organisation with a competitive edge, reassuring customers and prospective customers that the organisation adheres to this professional standard. Lastly, ISO 27001 can make compliance with other systems easier, such as other international standards and specific customer driven requirements. The Standard can also have the positive benefit of making organisations reflect on their management structures, policies and procedures, with positive improvements made to the organisation with benefits far wider than just information security.
How do you go about fulfilling the elements of ISO 27001?
ISO 27001 is typically delivered in three steps that require organisations to:
- Create a management framework for information security management. This should detail the strategy, aims and objectives of information security within the organisation. This framework must have widespread management backing across all parts of the organisation.
- Identify and access information security risks. A methodical audit of security risks will allow the organisation to determine the appropriate actions and priorities for dealing with any risks or potential risks identified.
- Undertake the selection and implementation of controls to mitigate risks. These controls refer to the methods used in security risk mitigation and may include policies, practices and procedures, specific organisational structures and software implementations. These controls will vary according to how an organisation operates.
How do we achieve ISO 27001 certification?
Once all the requirements of ISO 27001 have been met, you can apply for certification. This should be carried out by a UKAS accredited certification body. The certification body will carry out the certification process in three stages:
- Stage 1 – this involves a review of your documentation including your policy, scope of the ISMS, risk assessment, risk treatment plan, Statement of Applicability, and security procedures. This will also include a review of the controls you have implemented to ensure that they are appropriate to the size and nature of your business.
- Stage 2 – this will be a full on-site audit to ensure that what happens in practice follows these documented procedures and that adequate records are being kept. Following a successful audit, a certificate of registration to ISO 27001 will be issued.
- Stage 3 – is the process of on-going auditing, known as surveillance visits. These are carried out by the assessment body once or twice per year to ensure that the procedures are being maintained.
ISO 27001:2022 Launched!
HPA has served over 4000 clients in a wide variety of industries across many sectors
Download our brochure
Find out more about how ISO management system standards can benefit your company.