ISO 27001 services

SRM's ISO27001 services

Our ISO27001 service portfolio consists of a range of solutions designed to help you achieve or maintain the ISO27001 information security standard.

Our portfolio includes:

  • ISO27001 Advisory Services
  • On-site Information Security Officers and Managers
  • Accreditation Liaison Services

If you're considering implementing ISO27001, we can assist you by providing an initial assessment of how ISO27001 applies to, and could be implemented within, your organisation.

Alternatively, if your ISO27001 programme is already running, we can provide an independent assessment of its integrity and guidance on how to resolve any remediation issues and improve upon them.

For more information please download our services brochure.

ISO 27001 explained

What is ISO27001?

ISO27001 is the international standard for information security management. Its purpose is to provide guidance and advice on how to protect and secure your organisation's data, especially its critical service data. The intention behind the standard is to help organisations identify, manage and reduce their information security risks. ISO27001 is set and managed by the International Organisation for Standardisation, an independent network of 157 member countries based in Geneva, Switzerland.

When is the deadline and what are the penalties?

There is no specific deadline associated with ISO27001; it is only a recommendation that your organisation implements and complies with the standard because of the benefits it can bring. Increasingly, though, many procurement departments (whether from the private, third or government sector) list ISO27001 compliance as part of their tendering criteria.

There are no official penalties for non-compliance with ISO27001; compliance is a decision for the executive of each organisation to make according to its own operating conditions and strategy.

What are the benefits of complying with ISO27001?

There is a range of benefits, but the most important is the assurance you will gain. By implementing and maintaining commitment to the ISO27001 standard you will be able to demonstrate clearly to the executive, employees, shareholders and customers alike that your organisation is exercising due diligence and doing all it reasonably can to protect its data and related information resources.

Secondly, there is a very practical benefit to implementing ISO27001: it will help you to identify, manage and reduce the information security risks your organisation faces. This includes having the right security measures in place, such as firewalls, passwords, physical access controls and an information security policy. These will not only help protect your customers' data but will also help prevent competitors from obtaining sensitive business data that is crucial to maintaining your competitive edge.

ISO 27001: certification

Certification, improved security, reduced risk

The benefits of ISO27001 certification are clear: you will be able to demonstrate, privately and publicly, that your organisation has taken a proactive approach to managing its information security risks and has achieved a recognised standard. The confidence this can inspire in your organisation (from all parties) could be critical to its survival and success. In addition, your organisation may be better placed to win new contracts where ISO27001 is a mandatory requirement from service providers.

How we can help

Whilst SRM does not provide ISO27001 certification itself, we do work very closely with certification providers and can liaise with them on your behalf. This is particularly useful if you have limited resources or would like to ensure a smooth transition from implementation to certification, because our experts are highly experienced in how the ISO27001 certification process works and what it requires.

For more information and advice please get in touch.

Other Standards / Legislation

What other information security standards or legislation are there?

There are a number of important standards and pieces of legislation that relate to information security. These are:

  • ISO 17799 (ISO27002) - the code of practice for information security management.
  • QSA (Qualified Security Assessor) - the assessor role defined by the PCI DSS (Payment Card Industry Data Security Standard).
  • BS 7858 - British Standard relating to screening and background checks.
  • BS 25999 - British Standard relating to business continuity management.
  • Data Protection Act - British legislation detailing how information relating to living people must be handled.
  • HIPAA - US legislation protecting health insurance coverage for workers and their families when they change or lose their jobs.
  • Sarbanes-Oxley - US legislation that establishes new or enhanced standards for all US public company boards, management and public accounting firms. It does not apply to privately held companies.

Depending on your organisation's sphere of interest, these may or may not apply to your business activities.

For more information and advice please get in touch.
