ISM is a division of Pondergrove Ltd Management Systems


ISM exhibiting at LGA Conference 30 Jun – 2 Jul 2009
Read >

Seminar at Donnington Valley, Newbury
Read >

ISM consultants’ membership of CLAS renewed
Read >

News archive >

Home > Information security > ISO 27001

What is ISO 27001 (BS 7799)?

BS 7799 was introduced in 1995 as the British Standard for information security management. It has since been adopted as an international standard, ISO 27001.

Organisations (companies, government departments, local authorities, etc) can apply to have their security management systems assessed against the standard by independent third parties. These ‘certification bodies’ are appointed via the BERR and authorised to issue ISO 27001 certificates. The certificate is normally valid for three years and is dependent on periodic visits by the certification body.

ISO 27001 therefore enables customers to satisfy themselves that an organisation manages security effectively.

Why is ISO 27001 important?

ISO 27001 is an international yardstick by which customers, suppliers and other parties can measure the effectiveness of an organisation’s management of information security.

Rather than having to rely solely on their own judgement, ISO 27001 allows customers (at no cost to themselves) to use a qualified third party to verify whether the organisation’s security is well managed.

The fact that you have a security policy, procedures, firewalls, encryption etc tells customers that you have a security management system. Showing them an ISO 27001 certificate tells them whether it is any good.

More and more organisations are gaining ISO 27001 certification.

What does this mean for you?

As a buyer you can use ISO 27001 certification as a selection criterion. Make sure that those suppliers who have access to your sensitive or critical business information have an ISO 27001 certificate. You can check the list of certificated suppliers at

If your business involves processing customer-owned information then you should apply for an ISO 27001 certificate. You can use this to assure your customers that you protect their data. Check to see whether your competitors have ISO 27001 certification. If they don't, you have a great opportunity to gain an advantage.

Back to Information Security

Call us now
+44 (0) 1635 817309

Enquiry form

Job title

Required fields in Bold

Privacy & disclaimer >