ISO 27001:2005

ISO 27001:2005 INFORMATION SECURITY MANAGEMENT SYSTEMS CERTIFICATION

Demonstrate your commitment to information security certification management
Information is a major asset. In business, information supports a multitude of processes, from deals to mergers, projects to employee details. Any disruption in the quality, quantity, distribution or relevance of your information systems can put your business at risk from attack. The security of information systems and business-critical information must be actively managed in order to reassure your employees, stakeholders, customers and partners of data safety.

Safeguard your information - and keep it that way
The ISO 27001:2005 Information Security Management Systems (ISMS) certificate enables you to demonstrate your commitment to information security, customer satisfaction, and continuous improvement of your corporate image. The standard is comprised of two parts:

  1. ISO 17799: guidance on implementing ISMS
  2. ISO 27001: standard against which ISMS can be certified

The first step is to define the scope of the ISMS policy. This is critical to identifying the potential dangers you face and to deciding on a systematic approach for assessing these risks. A successful ISMS includes standard steps for implementation, operation, review, maintenance and system improvement.

The ISO 27001:2005 standard covers twelve areas:

  • security policy
  • organisation of information security
  • asset management
  • human resources security
  • physical and environmental security
  • communications and operations
  • management
  • access control
  • information systems acquisition, development and maintenance
  • information security incident management
  • business continuity management
  • compliance

Thanks to our expert information security analysts, we can assess how your ISMS has been implemented and identify where your current system differs from the standard's requirements. Once these differences have been rectified, you will participate in an initial audit. From the audit, you will receive a report outlining the key measures needed to receive positive certification. If no major corrective action is required, you will obtain direct certification. Annual compliance audits will follow and, as long as systems are maintained, the certificate is renewed every three years.

Benefits of ISO 27001:2005

  • The reputation of ISO and certification against the internationally recognised ISO 27001:2005 will enhance the credibility of any company. Certification demonstrates the validity of your information and your commitment to upholding information security.
  • The creation and certification of ISMS can transform your corporate culture both internally and externally, opening up new business opportunities with security-conscious customers/clients, improving employee ethics and strengthening the notion of confidentiality throughout the workplace.
  • Certification allows you to enforce information security and reduce the possible risk of fraud, information loss and disclosure.

Organisations certified to BS 7799 can transition to ISO 27001 certification. According to the January 2006 UKAS Transition Statement, companies certified to BS 7799-2:2002 will be given until July 2007 to make the transition.
