ISO 27001:2013 Information Security Management System

An information security management system is a management system that focuses on driving and improving information security by identifying, managing and minimizing information security threats. ISO 27001 requires an organization to establish an information security policy and objectives; determine process requirements; establish operational controls; track performance through monitoring and measurement; implement corrective action; and conduct management reviews. In essence, it consists of the following clauses:

  • Clause 4 Information Security Management System
  • Clause 5 Management Responsibility
  • Clause 6 Internal ISMS Audits
  • Clause 7 Management Review of ISMS
  • Clause 8 Improvement of ISMS

Based on the Deming PDCA (Plan-Do-Check-Act) cycle, ISO 27001 has the same basic structure as other international management system standards such as ISO 9001 or ISO 14001. It offers a common framework for integrating different management systems. Please refer to the Certification page for more details.

(ISO 9001, ISO 14001, OHSAS 18001, ISO 22000, ISO 27001)


Why is it relevant?

ISO 27001 is a requirements standard, which means organizations can be certified to it. It is generic in nature and is applicable to organizations of various sizes and backgrounds.

39,501 ISO 27001 certificates had been awarded in 160 economies by the end of 2017.

How to proceed?

To capitalize on the full offer of ISO 27001, organizations shall acquire an accurate understanding of the requirements and the intent of the standard. They shall perform a gap analysis to determine the status of the organization compared to the certification requirements. From top management to front-line staff, all levels of staff shall acquire an appropriate level of understanding of the standard. Top management commitment is a critical success factor. Work on a realistic plan and, last but not least, ensure strong buy-in from everybody.

HKV offers a full range of improvement-based ISO 27001 training courses and certification services to address your needs.


Apart from due diligence benefits and enhanced credibility through third-party certification, an effective ISO 27001 management system shall deliver the following inherent benefits:

  • Sustainable and improving information security performance;
  • Platform for information security risk control and improvement;
  • Reduction in security breaches;
  • Improved staff motivation and information security consciousness; and
  • Due diligence and demonstration of information security commitment.

Contact us with your questions or requirements on certification.
Refer to the System Certification page for details on ISO 27001 certification.

Training Courses

HKV training courses are designed to offer different levels of staff the opportunity to acquire the necessary knowledge and skills to develop, implement, maintain and improve an effective management system.

Refer to the Training page for details on ISO 27001 training. Contact us with your questions or requirements for in-house training.

IRCA Approved Lead Auditor Course Public Training Schedule

Why choose HKV?

Our professional team, consisting of multiple experienced postgraduate degree holders, has an average of 25 years of professional experience with an exceptional depth of knowledge in the subject matter. Many of our team members are ISO Technical Committee members.
We do not focus on inconsequential details but rather centre on opportunities leading to continual improvement.
We respond speedily to customer needs and expectations while maintaining our professional service integrity. Care for our customers is one of our shared values in HKV.
To promote the concept of sustained success and continual improvement; to deliver professional, value-adding conformity assessment solutions; to facilitate the competence development of people.

Integrity - Integrity is the bedrock of our business. We strive to operate to the highest moral standard.

People - People are the most important asset within our organization. We treat each other with trust and respect.

Innovation - We shall actively research into alternative methodologies and technologies in delivering our service and shall develop new products that will satisfy the needs of our customers.

Care - While maintaining our highest possible level of integrity, we strive to serve our customers with our hearts. We shall listen to their needs and wants and deliver a hassle-free, user-friendly service that will support their continual improvement and achieve excellence in performance. We care.