Information Security Management Systems

Just like Environmental Management Systems, certification for Information Security Management Systems is a fairly recent development, and the ISO 27001 standard was only established in 2005.

It is clear that the security of information is of growing importance in the 21st century; hardly a week goes by without a high-profile news story about missing or compromised data – and the resulting legislation means that compliance with data protection and information security protocols are an essential requirement of modern business.

Your Information Security management system (ISMS) is a codified set of processes detailing the way your organisation manages the risks involved in information storage and processing – essentially how secure the data is, its integrity and its availability. Or more simply: can people steal your information, is it correct and can you find it when you need it?

The approach used to design, instigate and operate such a system in your organisation is based around correct planning and risk assessment, correct build of the systems and controls, followed by a thorough review and evaluation, and finally initiation and integration with your existing systems.

As with other industry-wide standards, the most popular ISMS certification is produced by the International Organisation for Standardization, the ISO 27000 family of standards. An ISO 27001 registration certifies your organisation's Information Security on a global level.

Whatever certification you choose, it is important that it is created with your company instead of being an off-the-shelf product, as the whole point of your ISMS is that it is integral to your organisation, based on your activities and using your resources. So do not be tempted to opt for someone else's 'box-ticking' exercise if you are at all serious in improving your information management and your business in the 21st century.

For a free-of-charge fact-finding and advice meeting, please contact us on +44 (0)1435 830 195 or at