ISO 27001 is the International Standard for Information Security Management Systems (ISMS).
It is based largely upon BS 7799, the British Standard used widely since 1995 for managing information security.
ISO 27001 provides the framework for a technology-neutral, vendor-neutral management system that enables an organisation to assure itself that its information security measures are effective. This covers the continued availability, confidentiality and integrity of its own information and that of its stakeholders, as well as legal compliance.
Implementation of ISO 27001 is an ideal response to legal requirements and to security threats such as:
- Vandalism / terrorism
- Virus and other malware attack
ISO 27001 is structured to be easily compatible with other management systems standards such as ISO 9001 and ISO 14001. Whilst there are some clause numbering differences, common elements include documentation, review and audit requirements, enabling an organisation to develop a largely integrated management system.
Whilst modern communication media mean that most ISMSs are focused on ICT, ISO 27001 is equally applicable to other forms of information, such as paper records, images, and even conversations.
Who is ISO 27001 applicable to?
ISO 27001 is applicable to any organisation where the misuse, corruption, or loss of its business or customer information could cause significant commercial harm.
NQA has registered organisations to ISO 27001 in sectors as diverse as storage and warehousing, secure destruction, telecommunications, advertising, financial outsourcing and software development.
What are the benefits of certification?
- Customer satisfaction - by giving confidence that their personal information is protected and confidentiality upheld
- Business continuity - through management of risk, legal compliance and vigilance of future security issues and concerns
- Legal compliance - by understanding how statutory and regulatory requirements affect the organisation and its customers
- Improved risk management - through a systematic framework for ensuring customer records, financial information and intellectual property are protected from loss, theft and damage
- Proven business credentials - through independent verification against recognised standards
- Ability to win more business - particularly where procurement specifications require certification as a condition to supply
How to gain registration?
The process of registration follows three simple steps:
- Application for registration is made by completing the application questionnaire
- Assessment is undertaken by NQA - the organisation must be able to demonstrate that its ISMS has been fully operational for a minimum of three months and has been subject to a full cycle of internal audits
- Registration is granted by NQA and maintained by the organisation. Maintenance is confirmed through a programme of annual surveillance visits and a three-yearly re-certification audit.
Initial Certification Audit
Stage 1 - the purpose of this visit is to confirm the readiness of the organisation for full assessment. The assessor will:
- confirm that the ISMS documentation conforms to the requirements of ISO 27001
- confirm its implementation status
- confirm the scope of certification, the Statement of Applicability and any exclusions
- check legislative compliance and review the risk assessment
- produce a report that identifies any non-conformance or potential for non-conformance and agree a corrective action plan if required
- produce an assessment plan and confirm a date for the Stage 2 assessment visit
Stage 2 - the purpose of this visit is to confirm that the information security management system fully conforms to the requirements of ISO 27001 in practice. The assessor will:
- undertake sample audits of the processes and activities defined in the scope of assessment
- document how the system complies with the standard
- report any non-conformances or potential for non-conformance
- produce a visit plan for the first surveillance visit
Please note that if any major non-conformance is identified, the organisation cannot be certified until corrective action has been taken and verified.
For more information about this service, contact our friendly team today on 08000 522424. We will be pleased to help you.