The ISO 27001 standard provides a framework for implementing an ISMS, safeguarding your information assets while making the process easier to manage, measure, and improve. It helps you address the three dimensions of information security: Confidentiality, Integrity, and Availability. ISO 27001 also specify requirements for the implementation of security controls customised to the needs of individual organisations through establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS).
The design and implementation of an organisation’s ISMS is influenced by their needs and objectives, security requirements, the processes employed and the size and structure of the organisation. These and their supporting systems are expected to change over time. It is expected that an ISMS implementation will be scaled in accordance with the needs of the organisation.
The revised standard has now been published using the new high level structure according to annex SL 1, which is common to all new management systems standards. This will make integration easier when implementing more than one management system. We will be contacting all existing ISMS clients with details of our transition plan and the time scales that you will be required to achieve for transfer to the revised standard.