ISO 27001:2022

Information Security Management System.

Key requirement: The ISO 27001 standard is designed to address the risks associated with information theft, either from un-authorised access to printed files or from corruption of electronic data.

Some of the Benefits: It drives the company to be aware of the risks and aspects due to the loss of sensitive data, it also helps companies comply with GDPR and the Data Protection Act.

• Information Security Policy in relation to your scope of business.
• Context mind map to identify your scope of operations.
• Identify the context of business, risks and interested parties.
• Training and competency records.

Sample of records that need protecting include:

• Personal details: home address and private telephone numbers.
• Salary, Bank account, Debts, Pension and Credit Card details.
• DBS checks (formerly CRB) results of any criminal records.
• NI number and personal medical information.
• Driving license or Passport details.
• Client lists and suppliers.
• Quotes and sensitive price lists.
• Company processes and trade secrets.

Data protection under ISO 27001 can include:

• Entry restriction to buildings, rooms and storage cabinets.
• Password protection for operating systems and electronically stored data.
• Password controls.
• Computer access protection and screen time out procedure.
• Personal background checks.
• Anti-virus software and system breach logs.
• Anti-Malware programs.
• Encrypted communications and secure file back-up.

Blue Planet would supply your manual, policy, documents, and provide the guidance needed for your company to install and maintain your ISO 27001 Information Security System.  Click here to see our “Step by step” guide to your certification.