ISO 27001
The purpose of ISO 27001 is to enable an organisation to demonstrate they have effective methodology in place to ensure that business and client information is kept secure.
Companies have many layers of valuable information stored that needs to be kept safe. From developing patents, staff personal information, key financial data etc. all the way down to customer info, bids in progress and even information that is publicly available.
Protection normally addresses who has access to information and what they can do with it. Security systems must be in place to ensure that those outside the business cannot gain access or modify the data through virus attacks, spying software and spoofing, and internal data cannot be lost through issues such as IT failures (disk drive crash) or staff copying the data.
ISO 27001 provides a formal way of identifying valuable information, deciding how it is to be protected, putting in place the protections and monitoring, maintaining and reviewing these protections for effectiveness to possibly make changes to information types held.
Winning Solutions realise a balance has to be achieved between securing key information and making it accessible to the authorised staff in a user friendly way.
Our Consultants are experienced in the requirements of ISO 27001 and are trained assessors.