Data Compliance Limited :: ISO 27001

By: Data Compliance  05/12/2011
Keywords: ISO, information security, Security Controls

Information security overview 

Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimise business risk, and maximise return on investments and business opportunities.

Information is an asset that, like other important business assets, is essential to an organisation’s business and consequently needs to be suitably protected. This is especially important in the increasingly interconnected business environment. As a result of this increasing interconnectivity, information is now exposed to a growing number and a wider variety of threats and vulnerabilities.

Information security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organisational structures and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and business objectives of the organisation are met.

ISO 27001 – information security standard

ISO 27001 is widely recognised as the de facto standard for benchmarking information security management systems.

ISO 27001 specifies requirements for the establishment, implementation, monitoring and review, maintenance and improvement of a management system - an overall management and control framework - for managing an organisation’s information security risks.

Bringing information security under management control is a prerequisite for sustainable, directed and continuous improvement. An ISO 27001 ISMS therefore incorporates several Plan-Do-Check-Act (PDCA) cycles: for example, information security controls are not merely specified and implemented as a one-off activity but are continually reviewed and adjusted to take account of changes in the security threats, vulnerabilities and impacts of information security failures, using review and improvement activities specified within the management system.

Data Compliance Ltd consultants have many years' experience working with ISO 27001 and other information security standards.

Contact us for a free consultation.


Other products and services from Data Compliance

05/12/2011

Data Compliance Limited :: Compliance Review

By helping staff understand the risks to information systems and by outlining their responsibilities of ‘due care’ in policies and procedures, you are not only mitigating the risk of attack but also complying with obligations such as the Data Protection Act.


05/12/2011

Data Compliance Limited :: Training

Our workshops are a practical method of developing policies and procedures. In a workshop environment, we provide guidance on the issues which should be considered when creating a data protection policy incorporating all eight data protection principles. Training is a necessary and valuable exercise to ensure people are familiar with data protection law and their obligations as data controllers and processors.


05/12/2011

Data Compliance Limited :: Implementation

Data Compliance Limited ease the pain of documenting controls by delivering a customised security and data protection compliance manual based on your specific business requirements. Controls considered to be essential to an organisation from a legislative point of view include, depending on applicable legislation. If you are a small business with limited resources, it may be difficult to realise where to start with information security.


05/12/2011

Data Compliance Limited :: Support

We provide an annual contract and a dedicated account manager who will arrange regular on-site visits to keep up to date with developments within your organisation and keep you informed of the latest developments within security and data protection law. Our support contract includes telephone support, which could prove invaluable should a security incident occur and you need expertise at short notice.


05/12/2011

Data Compliance Limited :: Services

Data Compliance Limited’s professional service is designed to deliver assurance of ‘best practice’ in information security and achieve compliance with regulatory demands including Data Protection Law. Each service can be procured individually or as a complete package.