Information Security

ISO 27001

ISO 27001:2013 is the international standard for information security management systems.

What is ISO 27001?

The ISO 27001:2013 standard (also known as BS EN 27001:2017) provides a framework for an information security management system (ISMS) that enables the continued confidentiality, integrity and availability of information, as well as legal compliance. ISO 27001 certification is essential for protecting your most vital business assets.

Implementing ISO 27001 is an ideal response to customer and legal requirements such as the AVG/GDPR and to potential security risks, including:

Cybercrime
Personal data breaches
Vandalism / terrorism
Fire damage
Misuse
Data theft
Viral attack

The ISO 27001 standard is also structured to be compatible with other management system standards, such as ISO 9001, and it is technology- and vendor-neutral, meaning it is completely independent of any IT platform. As such, all members of the company should be educated about what the standard means and how it applies across the whole organization.

An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. It can help any organization in any industry keep business information assets secure.

Helps you with

  • Asset security
  • Security policy
  • Cyber Security Strategy
  • IT Governance
  • Incident Management
  • Threat control
  • Reducing downtime
  • Protecting against data loss
  • Protecting against data breaches
  • Compliance Checklist
  • Management System
  • AVG/GDPR
  • Safety policy
Benefits of ISO 27001 Certification

Customer satisfaction

Give customers confidence that their personal data/information is protected and confidentiality upheld at all times.

Business continuity

Avoid downtime with management of risk, legal compliance and vigilance of future security issues and concerns.

Legal compliance

Understand how statutory and regulatory requirements impact your organization and its customers, whilst reducing risk of facing prosecution and fines.

Improved risk management

Ensure customer records, financial information and intellectual property are protected from loss, theft and damage through a systematic framework.

Proven business credentials

Independent verification against a globally recognized industry standard speaks volumes.

Ability to win more business

Procurement specifications often require certification as a condition to supply, so certification opens doors.

Global recognition as a reputable supplier

Certification is recognized internationally and accepted throughout industry supply chains, setting industry benchmarks for sourcing suppliers.

Is ISO 27001 right for me?

It’s right for you and your organization if you need the evidence or assurance that your most important asset is protected from misuse, corruption, or loss.

We have certified organizations to ISO 27001 in a diverse range of sectors including Royal Mail Group, Smart Water Technology, Barcode Warehouse and the Northern Ireland Council for Curriculum, Examinations and Assessment.

What is an ISMS?

An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.

It can help any size organization within any industry keep business information assets secure.

GDPR and ISO 27001

The General Data Protection Regulation (GDPR) has a much more extensive scope than the previous Data Protection Act (DPA) and has been introduced to stay in touch with the modern digital landscape. The Regulation affords more data rights to individuals and requires organizations to develop defined policies, procedures and to adopt relevant technical and organizational controls to protect personal data.

The GDPR applies to two types of users, into one of which we will all undoubtedly fall: controllers and processors. Briefly put, the controller determines how and why the personal data is used or processed, and the processor acts on the controller's behalf, much like many organizations relying on the services of an IT service provider. Processors have more legal obligations placed on them in the case of a breach; however, a controller will be responsible for ensuring that the contracts with the processor comply with the GDPR.

This is not a complete overview of the regulation and should not be used as such. Find out the key points and how they map to ISO 27001 here.

Steps to Certification

  1. Step 1

    You will need to fill in an application form in order for NQA to understand your company and requirements. You can do this by completing either the online quick quote or the online formal quote request form. We will use this information to accurately define the scope of assessment and provide you with a proposal for certification.

  2. Step 2

    Once you’ve agreed your proposal your assessments will be booked with an NQA Assessor. This assessment consists of two mandatory visits that form the Initial Certification Audit. Please note that you must be able to demonstrate that your management system has been fully operational for a minimum of three months and has been subject to a management review and full cycle of internal audits.

  3. Step 3

    Following a successful two stage audit, a certification decision is made and if positive, then certification to the required standard is issued by NQA. You will receive a hard and soft copy of the certification. Certification is valid for three years and is maintained through a programme of annual surveillance audits and a three yearly recertification audit.

See more details

Ready to start your journey?

We'll give you a clear indication of the costs of gaining and maintaining certification.
Not ready yet? Call us on (0)6 27034643 or request a callback to discuss your certification requirements.