The purpose of ISO 27001 is to enable an organisation to demonstrate that it has an effective methodology in place to ensure that its information is kept secure. Companies hold many levels of valuable information. The highest level will often include developing patents, staff personal information, key financial data, etc. Lesser levels will often include current customers and current bids. Finally, there will be some information you want to be publicly available, typically what may appear on your website, where there is little need for security of this information.
Protection normally addresses who has access to information and what they can do with it. Systems must be in place to ensure that those outside the business cannot gain access to or modify the data through virus attacks, spying software and spoofing, and that internal data cannot be lost through issues such as IT failures (disk drive crash) or staff copying the data.
ISO 27001 provides a formal way of identifying valuable information, deciding how it is to be protected, putting the protections in place, and monitoring, maintaining and reviewing these protections for effectiveness, possibly making changes to the information types held.
Winning Solutions Ltd consultants realise that a balance has to be achieved between securing key information and making it accessible to authorised staff in a user-friendly way.
Our consultants are experienced in the requirements of ISO 27001, have a background in IT or electronics, and are trained assessors.