ISO27001:2005 specifies the management of information security. Applicable to all sectors of industry and commerce, it is not confined to information held on electronic systems, but addresses the security of information in whatever form it is held.
Our certification, from a UKAS accredited certification body (ISOQAR), demonstrates that the security of our information has been addressed, implemented and properly controlled. Customers, employees, trading partners and stakeholders can be sure that management information and systems are secure. It demonstrates credibility and trust. Cost savings are made, as even a single information security breach can involve significant expense. It establishes that relevant laws and regulations are being adhered to. It shows that a commitment to Information Security exists at all levels throughout our organisation.
Information security can be characterised as the preservation of:
- Confidentiality - ensuring that access to information is appropriately authorised
- Integrity - safeguarding the accuracy and completeness of information and processing methods
- Availability - ensuring that authorised users have access to information when they need it
ISO 27001 contains a number of control objectives and controls. These include:
- Security policy
- Organisational security
- Asset classification and control
- Personnel security
- Physical and environmental security
- Communications and operations management
- Access control
- System development and maintenance
- Business continuity management
Why is Information Security needed?
The confidentiality, integrity, and availability of vital corporate and customer information may be essential to maintain competitive edge, cash-flow, profitability, legal compliance and commercial image. ISO27001 is intended to assist with this task. It is easy to imagine the consequences for an organisation if its information were lost, destroyed, corrupted, burnt, flooded, sabotaged or misused. In many cases, it can lead, and has led, to the collapse of companies.
We were re-certified to ISO27001:2005 in October 2012. The standard is a live one, as it needs to be updated on a regular basis. The certification will now last until 15 October 2015. Many internal and management changes are in place to ensure information security, which is of the highest importance to Language Empire. All members of staff are regularly trained, and any changes to policy or practice are discussed with staff.
As we move forward, we will be looking to extend the scope to include BS7858 and BPSS guidelines, as well as the newly updated HMG Security Policy Framework for the protection of information. Although this is common practice in the organisation, it is clear that we need to keep up to date and formalise all processes.
Quote from ISOQAR Auditor: ‘Following the recent audit of your company’s management system to include additional standards for ISO27001, I am pleased to inform you the ISOQAR certification technical review team has asked me to issue your certificates confirming registration to ISO27001:2005.’