ISO 27001 – The Information Security Management System Standard

ISO 27001 is a management system standard published in 2005 that specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization’s overall business risks.

It applies to all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations) and it is not limited to the IT department. It requires the involvement of all areas of the organization in order to ensure effective implementation.

The standard specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof and is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.

ISO 27001 can be used within organizations to formulate security requirements and objectives which include ensuring that security risks are cost effectively managed; definition of new information security management processes and ensuring compliance with laws and regulations. The standard can be used by the management of organizations to determine the status of information security management activities.

How we can help

QSI can help organizations by providing fundamental Training Services to help interpret the requirements of ISO 27001. We also offer advanced ISO 27001 training for Auditors and Lead Auditors based on ISO 19011.

Our for Management System certification services for ISO 27001 are based on ISO 17021 (the standard that applies for accreditation of Management System Certification Bodies). As an accredited Third-Party Certification Body for OHSAS 18001 our approach to certification services is one where we create positive environment which is conducive for achieving Management System objectives.

QSI can support organizations that are currently certified or that have chosen a different Certification Body by providing assessment services to either help get them ready for certification and/or by providing on-going Internal Audits after ISO 27001 certification has been achieved.

For individual ISO 27001 Auditors, Consultants, Instructors and Technical Experts that wish to become certified, QSI administers a Personnel Certification Program based on ISO 17024.

If you need additional information on how QSI can help you meet your organizational or personal development and improvement objectives, please Contact Us.