You are here:

HomeServicesInformation Security
Protect your business information assets securely.

Services: Information Security

ISO 27001:2013 (ISO27001) is an International Standard that has been prepared to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS).

ISO 27001 provides an ISMS a framework for implementing these principles using the ‘Plan - Do - Check - Act cycle and management system processes. The implementation of ISO27001 is an ideal response to legal and contractual requirements and potential security threats such as:

 

    1. Misuse
    2. Hacking
    3. Penetration
    4. Theft
    5. Viral attack

Risk assessment – Organisations conduct an Information Security Risk Assessment.

Security design and implementation – Organisations incorporate security as an essential element of information systems and networks.

Security management – Organisations adopt a comprehensive approach to security management.

Awareness - Organisations are aware of the need for security of information systems and networks, plus what they can do to enhance security.

Responsibility - Organisations are aware of the need for security of information systems and networks, plus what they can do to enhance security.

Response – Organisations act in a timely and co-operative manner to prevent, detect and respond to security incidents.


How the organisation can benefit from ISO27001:2013:
  • It can act as the extension of other Management Systems (ISO9001 & ISO14001) to include security.
  • It provides an opportunity to identify and manage risks to key information and systems assets.
  • Provides confidence and assurance to trading partners and clients; acts as a marketing tool.
  • Customer satisfaction by giving confidence that their personal information is protected, and confidentiality upheld.
  • Business continuity through management of risk, legal compliance and vigilance of future security issues and concerns.
  • Legal compliance by understanding how statutory and regulatory requirements impact the organization and its customers.
  • Improved risk management through a systematic framework for ensuring customer records, financial information and intellectual property are protected from loss, theft and damage.
  • Proven business credentials through independent verification against recognised standards.
  • Ability to win more business particularly where procurement specifications require.
  • Allows an independent review and assurance to you on information security practices.

The information security management system services provided by QSP Solutions include:
  • Implementation and operation of information security management system to ISO27001.
  • Information security policy statement, information security objectives and procedures [a copy of the MS04 Information Security Policy is available by clicking here]
  • Identifying compliance with information security and other regulations.
  • Development of information security management programmes.
  • Delivery to staff of employee ISO27001 and information security awareness training sessions [an ISO27001:2013 Awareness Briefing is available by clicking here]
  • Undertake and manage information security internal audit programme, including audits, audit reports and support through to resolution of any issues arising.
  • Liaison with the chosen certification body for certification to ISO27001:2013.
  • Maintenance of the ISO27001 management system post certification.


An ISO27001:2013 Action Plan is available by clicking here [clicking here]


Information Security - Risk Management

The clauses of ISO14001:2015 are:

  • Scope
  • Normative references
  • Terms and definitions
  • Context of the organization
  • Leadership
  • Planning
  • Support
  • Operation
  • Performance evaluation
  • Improvement

Risk Management

We spend over 1 million hours each year improving the performance of businesses around the world This experience allows us to see first-hand how ISO27001:2013:
  • Helps you identify risks to your information and put in place measures to manage or reduce them
  • Helps you put in place procedures to enable prompt detection of information security breaches
  • Requires you to continually improve your Information Security Management System (ISMS)
  • Improved reputation and stakeholder confidence
  • Better visibility of risk amongst interested parties
  • Builds trust and credibility in the market to help you win more business
  • Requires you to identify all internal and external stakeholders relevant to your Management System ISMS
  • Requires you to communicate the ISMS policy to and ensure that the workforce understands how they contribute to it
  • Top management need to define ISMS roles and ensure individuals are competent
  • Improved information security awareness amongst all relevant parties
  • Reduces likelihood of staff-related information security breaches
  • Shows commitment to information security at all levels of the business
  • Gives you a framework which helps you to manage your legal and regulatory requirements
  • Makes you review and communicate your regulatory requirements to other interested parties
  • Reduces the likelihood of fines or prosecution
  • Helps you comply with relevant legislation and helps make sure you keep up to date
  • It makes you assess risks to information security so you can identify potential weaknesses and respond
  • Requires you to put in place controls that are proportionate to the risks
  • Requires you to continually evaluate risks to your information security and make sure the controls you put in place are appropriate
  • Helps you protect your information so you can continue business as usual and minimize disruptions