
GOVERNANCE AND AUDIT

We deliver IT governance as a service, equipping our clients with the essential tools and expertise to effectively manage and oversee their IT systems. This service ensures adherence to industry standards and regulations while aligning IT strategies with broader business objectives. Our team is ISO 27001 certified, possessing the knowledge and skills to assist your organisation in achieving certification.

ISO 27001, developed by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC), sets forth a comprehensive framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).

An ISMS encompasses a structured set of policies and procedures, covering all legal, physical, and technical controls involved in managing an organisation’s information risk. Its primary goal is to safeguard the confidentiality, integrity, and availability of information assets.

Achieving ISO 27001 certification requires demonstrating that your organisation has implemented the necessary controls and processes outlined in the standard. This is verified through an audit by an external certification body, with ongoing reassessment required to maintain compliance.

ISO/IEC 27001:2013 (ISO 27001) represents the global benchmark for best practice in managing an ISMS. Certification under this standard signifies that your organisation adheres to the highest standards of information security management, supported by ISO/IEC 27002:2013, a code of practice for information security management.

An ISO 27001-compliant ISMS provides a unified approach to managing and improving your organisation’s security practices, offering a consistent and cost-effective solution. Regular risk assessments are integral to this framework, enabling you to identify and address security threats according to your organisation’s risk tolerance.

Annex A of ISO 27001, often considered the cornerstone of the standard, offers a catalogue of 114 security controls from which organisations can select the most applicable. Although not all controls are mandatory, most organisations find that the majority are relevant and necessary.

ISO 27001 certification provides organisations with an internationally recognised, externally validated quality mark for Information Security Management, offering assurance to both customers and internal stakeholders about the state of their security practices.

Key components of the ISO 27001 standard include:

Information Security Policies (A.5)

Guidelines for drafting and reviewing policies.

Organisation of Information Security (A.6)

Allocation of responsibilities, including controls for mobile devices and teleworking.

Human Resources Security (A.7)

Controls before, during, and after employment.

Asset Management (A.8)

Inventory management, information classification, and media handling.

Access Control (A.9)

Policies and procedures for user and system access.

Cryptography (A.10)

Encryption and key management practices.

Physical and Environmental Security (A.11)

Secure areas, entry controls, and equipment security.

Operational Security (A.12)

IT management, including change management, capacity, malware protection, and backups.

Communications Security (A.13)

Network security and information transfer controls.

System Acquisition, Development, and Maintenance (A.14)

Security in development and support processes.

Supplier Relationships (A.15)

Guidelines for agreements and supplier monitoring.

Information Security Incident Management (A.16)

Reporting and response procedures, evidence collection.

Business Continuity Management (A.17)

Planning and reviewing for business continuity.

Compliance (A.18)

Legal and regulatory compliance, intellectual property, and personal data protection.