ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

IAn ISO 27001 information security management system is a systematic and pro-active approach to effectively managing risks to the security of your company’s confidential information. The system promotes efficient management of sensitive corporate information, highlighting vulnerabilities to ensure it is adequately protected against potential threats. It encompasses people, process and IT systems. An ISO 27001 certification can be achieved by any business of any size, in any given sector, which is looking to increase and enhance the company’s security of its data. Information is an asset which, like other important business assets, has a value to an organisation and consequently needs to be suitably protected. This standard will help your company coordinate all your security efforts both electronically and physically, coherently, cost effectively and with consistency and prove to potential customers that you take the security of their personal / business information seriously.