Wednesday, February 22, 2012


ISO27001 Introduction

Every business is subject to legal and regulatory compliance, as a minimum the Data Protection Act. How a business meets those obligations and those of general governance is through a Governance Framework. This can be bespoke but more and more often the industry standard framework of ISO27001 is being used to streamline the process and provide assurance.

What is ISO27001?

ISO27001 is a governance framework that implements an ISMS (Information Security Management System) based on risk management. Implementing ISO27001 allows a business to manage risk and data protection, and certification against ISO27001 allows a business to demonstrate its industry-standard approach and conformance to it.

ISO27001 is a comprehensive information security management solution for businesses of all sizes.

Agenci ISO27001

Agenci delivers ISO27001 gap analysis and ISO27001 implementation. Every implementation meets the wider legal and regulatory needs of the business and delivers a cost effective solution that leads to ISO27001 certification. Those businesses that take the step to ISO 27001 certification are then able to communicate directly with customers on the ISO27001 capability of their business.

Agenci are experts in the implementation and certification of ISO27001.

 Call Us: 0207 397 8617


ISO27001

The standard actually falls into two complementary parts: ISO27001 and ISO27002. ISO27001 is designed to identify, manage and reduce the range of risks and threats faced by a business. It is a common-sense, best-practice, risk-based approach to information security.

ISO27001 Standard

ISO27001 [ISO/IEC 27001:2005] sets out the requirements for an Information Security Management System (ISMS) and the risk management from which it is derived and on which the ISMS is based. An ISMS is a systematic approach to managing the security of sensitive information and covers not only IT but also policy, processes and people.

ISO27002

ISO27002 [ISO/IEC 27002:2005] (formerly ISO17799) provides a best-practice, common and proven approach for developing high organisational security standards and effective security management practice. It sets out a series of best-practice controls that organisations should deploy.


ISO27001 Certification

The process to certification

  • ISO27001 Gap Analysis
  • ISO27001 Implementation
  • ISO27001 Audit
  • ISO27001 Certification

ISO27001 Benefits

There are significant ISO27001 benefits. These include:

  • now a requirement of many customers and suppliers
  • a business differentiator leading to competitive advantage
  • a demonstrable framework for meeting legal and regulatory requirements
  • mature, repeatable, sustainable processes
  • reduction in incident and support costs
  • proactive management of risk and reputation
  • putting a business in order to sustain and support growth


ISO27001 and Regulatory Standards

ISO27001 can help UK businesses to create a framework for compliance with many legal and regulatory standards. All UK businesses have a duty to comply with:

  • Data Protection Act 1998
  • Computer Misuse Act 1990
  • The Human Rights Act 1998
  • The Regulation of Investigatory Powers Act 2000
  • The Copyright, Designs and Patent Act 1998
  • Telecommunications Regulations Act 1998
  • The Freedom of Information Act 2000(UK public sector).

ISO27001 assists in the development of an information security management system that is part of, and assists the delivery of, some key international legal and regulatory compliance, such as in the US:

  • The Health Insurance Portability and Availability Act (HIPAA)
  • Sarbanes-Oxley Act (SOX)


How long does ISO27001 certification take?

For a small business, ISO27001 certification can take between 6 and 9 months. For a medium-sized business it can take between 9 and 18 months, and for a large business between 12 and 24 months.

The cost of ISO27001

The cost of ISO27001 is significantly less than the cost of not implementing ISO27001 in today's competitive and data-rich economic climate.

ISO27001 Compliance

ISO27001 compliance is defined by achieving ISO27001 certification with an appropriate ISO27001 certification body. The issuing of a certificate and registration on the associated website allows an organisation to demonstrate its compliance with the ISO27001 standard.

Agenci

To discuss your ISO27001 gap analysis, ISO27001 implementation or ISO27001 certification, speak to an experienced, qualified practitioner today.

Call us on 0207 397 8617

Copyright 2011 by The Agenci Ltd