
Monday, 23 January 2017

A detailed look at ISO 27001: Part 1

ISO 27001 is a model for information security management systems. It is an information security registration scheme under which a company's information security procedures and processes are assessed against an information security management Standard. This Standard has been agreed in this country, in the European Union and internationally.

ISO 27001 is the working standard. Its clauses are listed below; the 7 main sections, from Context of the Organisation through Improvement, carry the requirements, while the first three are introductory:

  1. Scope
  2. Normative References
  3. Terms and definitions
  4. Context of the Organisation
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance Evaluation
  10. Improvement

Put very simply, ISO 27001 is a declaration of an organisation's ability to demonstrate its capability to consistently protect information security and to satisfy its customers' information security needs.

Risk Assessments

Risk assessments must be carried out on the important parts of the organisation; the risks are evaluated and a risk treatment plan is established to mitigate them. Where a medium risk cannot be reduced, it is permitted to accept the risk based on certain criteria.

Risk assessments have been carried out on each asset.

The methodology used identifies the Asset Value:

  1. Low value to the business
  2. Moderate importance to the business
  3. Highly important to the business

Following the risk assessment the results are reviewed at an ISMS Forum meeting.

Scores are either confirmed or adjusted as necessary.

Items which are seen as high risk are addressed with the highest priority.

Risk assessments are revisited and actions taken as necessary. Issues identified in the interim as high risk will be addressed immediately if, in the opinion of management, delay would be detrimental to the company.
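The scoring and treatment logic described above, as an added example that is not part of the original post. The 1-3 asset value scale is the one the post gives; the 1-3 likelihood scale, the score bands, the treatment rules (mitigate high risks first, accept a medium risk only when no control is feasible and a justification is recorded, escalate anything else to the ISMS Forum) and all sample assets are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Asset value scale from the post: 1 low, 2 moderate, 3 high.
ASSET_VALUE_LABELS = {1: "Low value", 2: "Moderate importance", 3: "Highly important"}

# ASSUMED for this example: a 1-3 likelihood scale and score bands.
LIKELIHOOD_LABELS = {1: "Unlikely", 2: "Possible", 3: "Likely"}
HIGH_THRESHOLD = 6     # score >= 6 -> High
MEDIUM_THRESHOLD = 3   # score >= 3 -> Medium, otherwise Low


@dataclass
class Risk:
    asset: str
    threat: str
    asset_value: int                              # 1..3 (scale from the post)
    likelihood: int                               # 1..3 (assumed scale)
    proposed_control: Optional[str] = None        # None = no feasible control identified
    treated_likelihood: Optional[int] = None      # expected likelihood once the control is in place
    acceptance_justification: Optional[str] = None  # required to accept a medium risk

    def __post_init__(self) -> None:
        # Reject scores outside the scale so a typo cannot silently hide a risk.
        for name in ("asset_value", "likelihood"):
            if getattr(self, name) not in (1, 2, 3):
                raise ValueError(f"{name} must be 1, 2 or 3 for asset {self.asset!r}")
        if self.treated_likelihood is not None and self.treated_likelihood not in (1, 2, 3):
            raise ValueError(f"treated_likelihood must be 1, 2 or 3 for asset {self.asset!r}")


def score(asset_value: int, likelihood: int) -> int:
    """Risk score = asset value x likelihood (1..9). The product is an assumption."""
    return asset_value * likelihood


def level(s: int) -> str:
    """Band a score into Low / Medium / High using the assumed thresholds."""
    if s >= HIGH_THRESHOLD:
        return "High"
    if s >= MEDIUM_THRESHOLD:
        return "Medium"
    return "Low"


def decide(risk: Risk) -> str:
    """Treatment decision: mitigate where a control exists, accept a medium risk only
    with a justification when no control is feasible, otherwise escalate for review."""
    inherent = level(score(risk.asset_value, risk.likelihood))
    if inherent == "Low":
        return "Accept (low)"
    if risk.proposed_control is not None:
        residual_likelihood = risk.treated_likelihood or risk.likelihood
        residual = level(score(risk.asset_value, residual_likelihood))
        return f"Mitigate: {risk.proposed_control} (residual {residual})"
    if inherent == "Medium" and risk.acceptance_justification:
        return "Accept (medium) with justification"
    # A high risk with no control, or a medium one with no justification, needs a decision.
    return "Escalate to ISMS Forum"


def build_register(risks: list) -> list:
    """Score every risk and return rows ordered highest score first, so the
    high-risk items the post says get top priority appear at the head of the list."""
    rows = []
    for r in risks:
        s = score(r.asset_value, r.likelihood)
        rows.append({"asset": r.asset, "threat": r.threat, "score": s,
                     "level": level(s), "action": decide(r)})
    rows.sort(key=lambda row: row["score"], reverse=True)
    return rows


# Constructed sample register; none of these assets or figures come from the post.
SAMPLE_RISKS = [
    Risk("Customer database", "Unauthorised disclosure", 3, 3,
         proposed_control="Encrypt at rest and require MFA", treated_likelihood=1),
    Risk("Office printer", "Unavailability", 1, 3,
         acceptance_justification="Spare printer on site"),
    Risk("Backup tapes", "Theft from vehicle", 2, 2,
         proposed_control="Encrypt backups and use a locked courier case", treated_likelihood=1),
    Risk("Public website", "Defacement", 3, 2),
    Risk("Marketing brochure", "Outdated copy", 1, 1),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE_RISKS):
        print(f"{row['score']} {row['level']:6} {row['asset']:18} {row['action']}")
```

Running the block prints the register from the customer database (score 9, mitigated to a medium residual) down to the brochure (score 1, accepted). The rows with "Escalate" are the ones the post says go to the ISMS Forum for confirmation or adjustment.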

Statement of Applicability

The Statement of Applicability (S.O.A) is a document that is available to the public and is attached to the Certificate of compliance issued by the Certification Body. It details all the elements of the Standard that are applicable, those which are excluded, and a justification for each exclusion.
Annex A of ISO 27001 lists the reference controls from which the applicable ones are selected.

Clearly not all organisations will apply all elements of the Standard and this document details which are used.

The S.O.A is version controlled and any change must be notified to the Certification Body.


© 2015 Quality Matters Ltd. All rights reserved.