ISO 27001
Quality Management Systems
ISO 27001 (or ISO/IEC EN 27001:2005, to give it its full title) is designed to ensure that adequate controls addressing the confidentiality, integrity and availability of "sensitive" information are provided within your organisation. "Sensitive" information can be anything which, if compromised, might impact directly or indirectly on your activities and those of your trading partners, employees and other interested parties. It is for you, as the owner of the system, to define which information you consider to be sensitive.
Unprotected information processing systems are vulnerable to fraud, corruption, and infiltration by malicious software such as adware, viruses and trojans. Breaches in information security can allow vital information to be accessed, stolen, corrupted or lost. Very few organisations have all the appropriate controls and procedures in place to avoid such incidents unless they have formally adopted an Information Security Management System (ISMS).
- Competitive advantage: how safe are your IT systems? More companies now see certification to ISO 27001 as a prerequisite for doing business.
- Minimising business risk: ensures controls are in place to reduce the risk of security threats. It will help your organisation develop a business continuity plan to minimise the impact of security breaches.
- Compliance with legislation: ISO 27001 has been recommended by the UK Data Protection Commissioner as one way in which organisations can demonstrate that they meet the requirements of the Data Protection Act 1998.