ISO 27001

Your implementation guide

What is ISO/IEC 27001?

Successful businesses understand the value of timely, accurate information, good communications and confidentiality. Information security is as much about exploiting the opportunities of our interconnected world as it is about risk management. That’s why organizations need to build resilience around their information security management. Internationally recognized ISO/IEC 27001 is an excellent framework which helps organizations manage and protect their information assets so that they remain safe and secure.

At BSI, we have the experience, the experts and the support services to help make sure you get the most from ISO/IEC 27001, by making you more resilient and responsive to threats to your information.

This guide shows you how to implement ISO/IEC 27001 in your organization to build resilience for the long term and safeguard your reputation. We also showcase our additional support services, which help you not only achieve certification, but continue to reduce risk and protect your business.

Issuing ISO 27001 certification

How ISO/IEC 27001 works and what it delivers for you and your company

The ability to manage information safely and securely has never been more important. ISO/IEC 27001 not only helps protect your business, but it also sends a clear signal to customers, suppliers, and the marketplace that your organization has the ability to handle information securely.

ISO/IEC 27001 is a robust framework that helps you protect information such as financial data, intellectual property or sensitive customer information. It helps you identify risks and puts in place security measures that are right for your business, so that you can manage or reduce risks to your information. It helps you to continually review and refine the way you do this, not only for today, but also for the future. That’s how ISO/IEC 27001 protects your business and your reputation, and adds value.

The latest version of ISO/IEC 27001 was published in 2013 to help maintain its relevance to the challenges of modern-day business and ensure it is aligned with the principles of risk management contained in ISO 31000.

It’s based on the high level structure (Annex SL), which is a common framework for all revised and future ISO management system standards, including ISO 9001:2015 and ISO 14001:2015. Annex SL helps keep consistency, align different management system standards, offer matching sub-clauses against the top level structure and apply a common language.
It compels organizations to incorporate their Information Security Management System (ISMS) into core business processes, make efficiencies and get more involvement from senior management.

QMS ITALIA Training Academy

Boost your knowledge with our expertise: QMS ITALIA has a comprehensive range of training courses to support implementation of ISO/IEC 27001 and help build the skills in your organization. Our expert instructors can transfer the knowledge, skills and tools your people need to embed the standards of excellence into your organization. What’s more, the accelerated learning techniques applied in our courses will help make sure that what you learn stays with you.

ISO/IEC 27001:2013 Requirements

One-day classroom-based training course

Learn about the structure and key requirements of ISO/IEC 27001:2013

Essential for anyone involved in the planning, implementing, maintaining, supervising or auditing of an ISO/IEC 27001:2013 ISMS

ISO/IEC 27001:2013 Internal Auditor

Two-day classroom-based training course

Learn how to initiate an audit, prepare and conduct audit activities, compile and distribute audit reports and complete follow-up activities

Ideal for anyone involved in auditing, maintaining or supervising an ISO/IEC 27001:2013 ISMS

ISO/IEC 27001:2013 Implementation

Two-day classroom-based training course

Discover the stages of implementation and how to apply a typical framework for implementing ISO/IEC 27001

Recommended for anyone involved in planning, implementing, maintaining, supervising or auditing of an ISO/IEC 27001 ISMS

ISO/IEC 27001:2013 Lead Auditor

Five-day classroom-based training course

Gain the skills and understanding required to lead and successfully undertake a management system audit

Recommended for anyone involved in auditing, maintaining or supervising an ISO/IEC 27001:2013 ISMS.

Why us?

QMS ITALIA / QMSCERT has been at the forefront of ISO/IEC 27001 since the start.

The standard was originally based on BS 7799, developed in 1995, and we’ve been involved in its development and the ISO technical committee ever since. That’s why we’re best placed to help you understand the standard.

At QMS ITALIA / QMSCERT we create excellence by driving the success of our clients through standards. We help organizations to embed resilience, helping them to grow sustainably, adapt to change, and prosper for the long term. We make excellence a habit. For over a century our experts have been challenging mediocrity and complacency to help embed excellence into the way people and products work. With 10,000 clients in 20 countries, QMSCERT is an organization whose standards inspire excellence across the globe.

 
