ISO/IEC 27001:2013

What is ISO 27001?

ISO 27001 is the International Standard for Information Security Management Systems (ISMS).

ISO 27001 provides the framework for a technology neutral, vendor-neutral management system that enables an organization to assure itself that its information security measures are effective.

Implementation of ISO 27001 is an ideal response to legal requirements and potential security threats such as:

Vandalism / terrorism
Viral attack

ISO 27001 is structured to be easily compatible with other management systems standards such as ISO 9001 and ISO 14001.

Who is ISO 27001 applicable to?

ISO 27001 is applicable to any organization where the misuse, corruption, or loss of its business or customer information could result in major commercial prejudice.

NQA has registered organizations to ISO 27001 in sectors as diverse as storage and warehousing, secure destruction, telecommunications, advertising, financial outsourcing and software development.

What are the benefits of ISO 27001?

Customer satisfaction – by giving confidence that their personal information is protected and confidentiality upheld.
Reduced operating costs – by decreasing down-time through incidents and ill health and reducing costs associated with legal fees and compensation.
Improved stakeholder relationships – by safeguarding the health and property of staff, customers and suppliers.
Legal compliance – by understanding how statutory and regulatory requirements impact the organization and its customers.
Improved risk management – through clear identification of potential incidents and implementation of controls and measures.
Proven business credentials – through independent verification against recognized standards.
Ability to win more business – particularly where procurement specifications require certification as a condition to supply.