
ISO27001 Lead Auditor & Pre-Audit preparation

What is it?

ISO 27001 is the international standard that describes best practice for an Information Security Management System (ISMS). ISO 27001 concentrates on policies and processes, including all legal, physical and technical controls involved in an organisation's information risk management processes.

Accredited certification to ISO 27001 demonstrates that an organisation is following international information security best practices.

The ISO 27001 standard covers all business processes and business assets in order to reduce the risks posed to valuable company information. It therefore deals not only with information technology but with every other important asset an organisation holds: all information that is stored, processed or transmitted, by whatever means, and many of those means do not involve information technology at all.

ISO 27001 certification is specifically focused on the ISMS and measures how closely internal processes follow the standard. An ISMS is the collection of policies, processes and procedures through which a rigorous security programme is managed; ISO 27001 requires one so that the programme is both complete and continuous.

ISO 27002 provides best practice recommendations for use by those responsible for initiating, implementing or maintaining information security management systems. In effect it provides the necessary controls to make ISO 27001 possible.

Why undertake ISO 27001 compliance?

The key point is that the ISO standard, and ISO 27001 compliance in particular, lowers the risk of doing business. If a company is implementing ISO 27001, it means careful consideration has been given to what could endanger confidentiality, integrity and the availability of information. Once those risks are known, it is about ensuring that security measures have been implemented in order to decrease them to an acceptable level. Certification means a third party accredited independent auditor has performed an assessment of all processes and controls and confirms that operations are in alignment with the comprehensive ISO 27001 certification standard.

Undertaking compliance with ISO 27001 can be a rather intimidating prospect. It can be a long and rather costly process, depending on which prerequisites are already in place and what further steps are needed to put the remainder in place. A number of major decisions therefore need to be considered before committing to such an undertaking. Yet, despite this, the benefits are significant.

The value of ISO 27001 compliance is that it creates a robust environment to protect both staff and customer information assets. But of equal value is the fact that it also provides evidence to potential customers and partner organisations that a company takes information security seriously. This level of reassurance enhances reputation and delivers greater business opportunities.

What next?

Although compliance with ISO 27001 is not mandatory, it is a widely recognised international security standard. Its value is that it demonstrates a commitment to safeguarding both company and customer information assets, and gives assurance that industry best-practice controls for information security are being implemented.

The ISO standards require risk assessments to be conducted, together with the design and implementation of a comprehensive suite of information security controls and other forms of risk management to address company and architecture security risks on an ongoing basis. This will involve the implementation of any necessary changes to policies and processes (ISO 27001) and controls (ISO 27002).

SRM is experienced in all aspects of ISO 27001 accreditation. We start with a pre-audit that establishes the organisation's level of security readiness, using a gap analysis to determine where the gaps are. From there, we are able to assist with any remediation activities that need to be undertaken and to establish a detailed action-plan roadmap. We provide guidance on the scope to include in an organisation's ISO 27001 activities and identify the controls required to ensure accreditation is achieved.

Contact us