What is BS 7799 (ISO 27001)?
BS 7799 was introduced in 1995 as the British Standard for information security management. It has since been adopted as an international standard, ISO 27001.
Organisations (companies, government departments, local authorities, etc.) can apply to have their security management systems assessed against the standard by independent third parties. These ‘certification bodies’ are appointed via the DTI and authorised to issue ISO 27001 certificates. The certificate is normally valid for three years and is dependent on periodic visits by the certification body.
ISO 27001 therefore enables customers to satisfy themselves that an organisation manages security effectively.
Why is ISO 27001 important?
ISO 27001 is an international yardstick by which customers, suppliers and other parties can measure the effectiveness of an organisation’s management of information security.
Rather than having to rely solely on their own judgement, ISO 27001 allows customers (at no cost to themselves) to use a qualified third party to verify whether the organisation’s security is well managed.
The fact that you have a security policy, procedures, firewalls, encryption, etc. tells customers that you have a security management system. Showing them an ISO 27001 certificate tells them whether it is any good.
More and more organisations are gaining ISO 27001 certification.
What does this mean for you?
As a buyer, you can use ISO 27001 certification as a selection criterion. Make sure that those suppliers who have access to your sensitive or critical business information hold an ISO 27001 certificate. You can check the list of certificated suppliers at www.iso27001certificates.com.
If your business involves processing customer-owned information, then you should apply for an ISO 27001 certificate. You can use this to assure your customers that you protect their data. Check www.iso27001certificates.com to see whether your competitors have ISO 27001 certification. If they don't, you have a great opportunity to gain an advantage.
Discover how to obtain certification by using our unique Guide to Information Security and achieving ISO 27001 certification.
You will need a username and password. Contact us to apply for yours if you haven't used the site before or if you have forgotten your password.
The Guide is available free of charge to the public sector and suppliers of outsourced services.