Information Security Management

Organisations everywhere are becoming more and more reliant on data and information. Storing, using and distributing that data correctly, through modern and secure information and technology systems, is essential. Security breaches, data misuse and data loss can threaten the survival of an organisation. Failure to implement adequate systems of information control and management, and increasingly failure to be able to demonstrate the probity of those systems to customers and auditors, can result in lost contracts, or worse.

Any organisation which is not taking steps to safeguard their investment in information is at risk.

ISO27001 is the international Standard for information security management systems (ISMS). It provides an invaluable framework for addressing the confidentiality, integrity and availability of information within an organisation.

As ISO27001 consultants, Parker Management Consultants guide clients through the Standard, helping them understand the requirements as well as developing action plans which will ensure compliance.

The ISO 27001 Standard

ISO/IEC 27001:2005 was formally adopted by the International Organization for Standardization (ISO) as the internationally recognised framework for information security management. The Standard is designed to dovetail with other management system Standards such as ISO 9001, the international Standard for quality management systems.

For many businesses compliance with the ISO27001 Standard is a prerequisite for winning public sector and large scale contracts. For those handling sensitive or personal data it's an essential management tool.

The Standard comes in two companion parts. ISO/IEC 27002:2005 (published as ISO/IEC 17799:2005 and renumbered in 2007; the successor to BS 7799 Part 1) is a code of practice: a standard of good practice which helps in the creation of an effective information security management system. ISO/IEC 27001:2005 (the successor to BS 7799 Part 2) is the formal specification. This is the Standard against which UKAS-accredited certification bodies conduct audits for compliance and certification. An appendix to the Standard, Annex A, lists the controls (133 in the 2005 edition) drawn from ISO/IEC 27002. Controls are not adopted wholesale: they are selected on the basis of the organisation's risk assessment to suit its business needs, and every inclusion or exclusion must be justified in the Statement of Applicability, which the certification auditor will check. Together the selected controls describe how systems and people issues are managed with regard to information security and good data handling.

Annex A of ISO/IEC 27001:2005 groups its controls into 11 separate control areas (A.5 to A.15), mirroring the main clauses of ISO/IEC 27002:

  1. Security policy
  2. Organisation of information security
  3. Asset management
  4. Human resources security
  5. Physical and environmental security
  6. Communications and operations management
  7. Access control
  8. Information systems acquisition, development and maintenance
  9. Information security incident management
  10. Business continuity management
  11. Compliance

Each area has a specific aim and focus, from the security policy area, which concentrates on providing management direction and support, through the physical and personnel security considerations, to the final compliance requirements covering legal, regulatory and contractual obligations and the auditing of the ISMS itself.

For advice on ISO 27001, support in implementing the Standards and progression to assessment and certification contact Parker Management Consultants on 0121 704 1354.

Parker Management Consultants, 1st floor, Dominion Court, 43 Station Road, Solihull, B91 3RT