ISM is a division of Pondergrove Ltd.
Home > What is information security? > ISO 27001

What is ISO 27001 (BS 7799)?

BS 7799 was introduced in 1995 as the British Standard for information security management. It has since been adopted as an international standard, ISO 27001.

Organisations (companies, government departments, local authorities, etc) can apply to have their security management systems assessed against the standard by independent third parties. These ‘certification bodies’ are appointed via the Department for Business, Innovation & Skills and authorised to issue ISO 27001 certificates. The certificate is normally valid for three years and is dependent on periodic visits by the certification body.

ISO 27001 therefore enables customers to satisfy themselves that an organisation manages security effectively.

Why is ISO 27001 important?

ISO 27001 is an international yardstick by which customers, suppliers and other parties can measure the effectiveness of an organisation’s management of information security.

Rather than having to rely solely on their own judgement, ISO 27001 allows customers (at no cost to themselves) to use a qualified third party to verify whether the organisation’s security is well managed.

The fact that you have a security policy, procedures, firewalls, encryption etc tells customers that you have a security management system. Showing them an ISO 27001 certificate tells them whether it is any good.

More and more organisations are gaining ISO 27001 certification.

What does this mean for you?

As a buyer you can use ISO 27001 certification as a selection criterion. Make sure that those suppliers who have access to your sensitive or critical business information have an ISO 27001 certificate.

If your business involves processing customer-owned information then you should apply for an ISO 27001 certificate. You can use this to assure your customers that you protect their data.

Back to Information Security

At a Glance

Understand what we mean by Information Security and why it is important

See how we can help your organisation manage information security through our Masterclasses, Toolkits and Consultants.

Read our latest newsletter: current information security issues and what to do about them

Automatically receive our newsletter by add your name to ISM's distribution list

Call us now
+44 (0) 1635 817309

Contact ISM to find out more

Please fill in your details

Required fields in bold

Privacy & disclaimer >