![[Photo source courtesy of www.sxc.hu] Information management system ISO/IEC 27001](/images/stories/information-management.jpg)
ISO/IEC 27001 — The Information Management System
What is ISO/IEC 27001?
ISO/IEC 27001 enables an organisation to ensure that the information it handles is lawfully and properly controlled and protected through adequate security measures in the interests of the organisation itself, its customers, staff and other parties with whom it trades or deals.
The standard was originally sponsored by the DTI and introduced in the 1990s under the title BS 7799. It was last revised in 2005 and focuses in particular on the assessment and management of the risks relating to the holding and providing of information.
How Can ISO/IEC 27001 Benefit My Organisation?
Everyone will be aware of the importance of information security and will have heard of much-publicised cases where information held by an organisation has not been managed and controlled, leading to disastrous consequences for the organisation concerned and the external parties whose rights, interests, lives, privacy and businesses have been affected. In extreme cases, security failures by a business can reduce confidence to such an extent or prove so costly that the organisation and/or its key managers cannot continue.
Other parties who do business or come into contact with your organisation will be aware of the danger of passing their information to you and will wish to be assured that your organisation's IT and other systems are secure and that you can be trusted to safeguard sensitive details.
ISO/IEC 27001 can help your organisation reduce the risk of security lapses by enabling you to assess your organisation's needs and provide an appropriate system to control and protect information in accordance with legal requirements. In particular, ISO/IEC certification can benefit your organisation by:
- Ensuring that you comply with relevant legal requirements, in particular the Data Protection Act 1998 and (if your organisation is affected) the Freedom of Information Act 2000.
- Protecting your organisation's business by reducing the risk of damaging consequences to your organisation and other parties.
- Increasing confidence in your organisation and demonstrating the competence and commitment of your organisation.
- Providing your organisation with a competitive edge over other organisations because customers will be assured that you are taking a responsible approach in maintaining information that affects their rights and interests.
- Giving you peace of mind and enabling you to concentrate on growing your business.
How Can Touchstone Renard Help My Organisation Achieve ISO/IEC 27001?
To start with, we would have a discussion with you to learn more about the size and type of your organisation, the type of information that you process and the security measures that you already have in place. We would then be able to recommend the series of steps – tailored to your organisation's needs and situation – that we would help your organisation to take to enable you to achieve ISO/IEC 27001. This could include training for your people if you wish and the preparation of requisite documentation on your behalf.
Once you have achieved ISO/IEC 27001, we can offer you a maintenance programme, involving the audit of your systems on a regular basis. Alternatively, if you are concerned that the measures you have taken in the past have not been kept up to date, we can help you straight away to get back on track.
We will always give you a clear statement of our fees and the time commitment involved on your part.
If you would like to have a discussion without any obligation about assessing or auditing the information security measures that you have in place already or achieving ISO/IEC 27001, please contact Phil Austin:
- via our website at www.TouchstoneRenard.com, or
- telephone +44 (0)20 7866 8123.









