ISO/IEC 27001 2013

Information is the lifeblood of every organisation. It is essential to manage and control the confidentiality, integrity and availability of information and also authenticate its users

Information security as defined by the newly revised version of International Standard ISO27001, launched in October 2013, goes beyond the obvious IT security focus that most people imagine. It covers information security policy, management of information security, people security, information asset management, information access control, cryptography, physical & environmental security, IT operations security, communications security, system acquisition, development & maintenance, supplier relationships, information security incident management, information security aspects of business continuity management, and compliance with relevant laws, regulations, contracts and policies.

Applying information security principles and controls is how we do this!

The key benefits of ISO27001 are:

• It can act as the extension of the current quality system to include security

• It provides an opportunity to identify and manage risks to key information and systems assets

• It provides confidence and assurance to trading partners and customers; acts as a sales tool

• It allows an independent review and assurance to you on information security practices, protecting your business!


ISO27001 requires that management:

• Continuously examine the company's information security risks, taking account of possible threats, vulnerabilities within the system and what the possible impacts are

• Design and implement a coherent and comprehensive manual of information security controls and/or other forms of risk preventative actions (such as risk avoidance or risk transfer)

• Adopt a management process to ensure that the information security controls continue to meet the company's information security needs on an ongoing basis

How JAS Associates can help:

• JAS Associates can help you review your current information security controls against the expectations of ISO 27001, providing you with a gap analysis and a clear roadmap to take you through to the formal certification audit, if that is your aim

• Depending on your needs, time pressures and budgets, we can also provide the resource and expertise to complete the essential information security management system (ISMS) implementation work to help expedite the process and ensure it is performed to the high standards you would expect

If you need any further assistance please click here or call us on 0844 327 2688