- About us
- What We Do
- Work With Us
- Contact us
Share this post
ISO 27001 is the standard developed by the ISO relating to Information Security Management. It offers an international standard by which information security risks and data are managed effectively.
ISO (International Organization for Standardization) is a worldwide federation of national standards bodies. It is an independent (non-governmental) international organization of bodies from over 160 countries. Their function is to develop standards to ensure consistent quality, safety, and efficiency of services, products and systems worldwide via companies and individuals who achieve compliance.
An ISMS is a set of processes that help your organisation or business handle sensitive information. Establishing these processes reduces the risk of data being mismanaged or lost.
If a problem does arise, the processes within by the ISMS will direct the organisation’s follow-up actions in dealing with the error. And aid analysis as to what happened and how to reduce the risk of anything similar occurring in the future.
ISO do not conduct certification themselves. The International Organisation for Standardization develops the international standards. Official bodies across the globe manage certification and accreditation.
Our certification at Clekt is granted by the British Assessment Bureau whose certifications are UKAS accredited. UKAS is the National Accreditation Body for the United Kingdom. Appointed by the government, they assess and accredit organisations that supply services including certification.
UKAS accredited ISO 27001 certification is the gold standard of Information Security Management in the UK and worldwide.
Each organisations situation is unique and so involves a set of information security challenges individual to them alone. For this reason, ISO 27001 does not impose a generic security approach or list of requirements to tick off to successfully become certified.
Instead, in implementing ISO 27001 organisations put in place suitable and individually specified processes and policies that contribute to information security. These are documented through a range of documents which are investigated by the governing body, in our case the British Assessment Bureau.
The comprehensive list of documentation covering the scope and depth of the policies and processes put in place in developing an ISMS for ISO 27001 certification is as follows.
✅ Scope of the Information Security Management System
✅ Information security policy and objectives
✅ Risk assessment and risk treatment methodology
✅ Statement of Applicability
✅ Risk Treatment Plan
✅ Risk assessment and risk treatment report
✅ Definition of security roles and responsibilities
✅ Inventory of assets
✅ Acceptable use of assets
✅ Access control policy
✅ Operating procedures for IT management
✅ Secure system engineering principles
✅ Supplier security policy
✅ Incident management procedure
✅ Business continuity procedures
✅ Legal, regulatory, and contractual requirements
✅ Records of training, skills, experience, and qualifications
✅ Monitoring and measurement of results
✅ Internal audit programme and results
✅ Results of the management review
✅ Non-conformities and results of corrective actions
✅ Logs of user activities, exceptions, and security events
Accreditation once achieved is valid for three years. However, retaining certification throughout this three-year period requires annual assessment to ensure standards are being maintained. Equally as the business evolves and scales the ISMS must advance also to remain compliant. Three years from issuing the ISMS is recertified once more.
ISO 27001 certification is vitally important to us here at Clekt. While this shows the importance we place on the security of our customers data, it also demonstrates our proactive approach to managing the safekeeping of the valuable asset that is data.
Our Information Security Management System anticipates threats to the security of all data handled on our customers behalf and allows us to show this at an internationally recognised and accredited level.
Get in touch if you’d like to find out how we can help you optimise your data with the highest level of data security!
To unlock your companys most important asset
and find out more about Clekt, please get in touch.