ISO 27001 (ISMS): INFORMATION SECURITY MANAGEMENT STANDARD
ISO 27001 (ISMS) is the internationally recognised standard for the Information Security Management System of businesses. It applies to the processes that create and control the Information Security of an organisation. It prescribes systematic control of activities to ensure that the needs and expectations of customers are met.
THE BENEFITS OF IMPLEMENTING ISO 27001 (ISMS)
- Registration to ISO 27001 (ISMS) by an accredited certification body shows commitment to quality, customers, and a willingness to work towards improving efficiency.
- It demonstrates the existence of an effective quality management system that satisfies the rigours of an independent, external audit.
- Mandatory Stage I & Stage II audits are carried out for all our clients.
- An ISO 27001 (ISMS) certificate enhances company image in the eyes of customers, employees and shareholders alike.
- It also gives a competitive edge to an organisation's marketing.
HOW DO YOU START TO IMPLEMENT ISO 27001 (ISMS)? WHAT IS INVOLVED?
- Identify the requirements of ISO 27001 (ISMS) and how they apply to the business involved.
- Establish quality objectives and how they fit into the operation of the business.
- Produce a documented quality policy indicating how these requirements are satisfied.
- Communicate them throughout the organisation.
- Evaluate the quality policy, its stated objectives and then prioritise requirements to ensure they are met.
- Identify the boundaries of the management system and produce documented procedures as required.
Once developed, internal audits are needed to ensure the system carries on working. The setting of targets for the environmental policy and continual measuring against it ensures the system is maintained.
ASSESSMENT TO ISO 27001 (ISMS)
Once all the requirements of ISO 27001 (ISMS) have been met, it is time for an external audit. This should be carried out by a third-party, accredited certification body. In the UK, the body should be accredited by UKAS (look for the 'crown and tick' logo). The chosen certification body will review the quality manuals and procedures. This process involves looking at the company's evaluation of quality and ascertaining whether the targets set for the management programme are measurable and achievable. This is followed at a later date by a full on-site audit to ensure that working practices observe the procedures and stated objectives and that appropriate records are kept.
After a successful audit, a certificate of registration to ISO 27001 (ISMS) will be issued. There will then be surveillance visits (usually once or twice a year) to ensure that the system continues to work. This is covered in more detail in ISOQAR's 'Audit Procedure' information sheet.
WHY CHOOSE AGQR Certification FOR YOUR ASSESSMENT?
AGQR Certifications has an enviable record for customer satisfaction for its certification services. A friendly approach and a dislike of bureaucracy have led to unprecedented growth through referrals from contented clients. AGQR Certifications only employs auditors that have empathy with this approach. They are also carefully allocated by their experience in the industry they are auditing. This results in a practical, meaningful audit, carried out in an air of mutual understanding. AGQR Certifications firmly believes that its audits should benefit the organisation that requests them, not be an intellectual exercise to 'please' the auditor.
WHAT IS THE COST OF ASSESSMENT TO ISO 27001 (ISMS)?
Unlike a majority of its competitors, AGQR Certifications produces a guidance price list based on company size. For a copy please get in touch.
For a fixed, written quotation, however, we require a few more details. These can be submitted to AGQR Certifications via a short questionnaire or alternatively contact AGQR for more details. Quotations are provided without any obligation. An information pack about AGQR Certifications' certification services can also be requested.
JOINT ISO 27001 (ISMS), ISO 9000 AND ISO 14001 SYSTEMS
There are several common elements between these three systems, such as management review, document control, corrective action and the requirement for trained personnel. These can be integrated into a single, joint system or a combination of any of the above. Audit of joint systems is available and may be the best method for some companies.
Integrated systems not only help organisations internally, by reducing duplication and providing a centralised document control system, but may also offer cost benefits for your third-party audit.