An information security management system (ISMS) is a management system that focuses on driving and improving information security by identifying, managing and minimizing information security threats. ISO 27001 requires organizations to establish an information security policy and objectives, determine process requirements, establish operational controls, track performance through monitoring and measurement, implement corrective action and conduct management review. In essence, it consists of the following clauses:
- Clause 4 Information Security Management System
- Clause 5 Management Responsibility
- Clause 6 Internal ISMS Audits
- Clause 7 Management Review of ISMS
- Clause 8 Improvement of ISMS
Based on the Deming PDCA (Plan-Do-Check-Act) cycle, ISO 27001 has the same basic structure as other international management system standards such as ISO 9001 or ISO 14001. It offers a common framework for integrating different management systems. Please refer to the Certification page for more details.
ISO 27001 is a requirements standard, which means organizations can be certified to it. It is generic in nature and is applicable to organizations of various sizes and backgrounds.
39,501 ISO 27001 certificates had been awarded in 160 economies by the end of 2017.
In order to capitalize fully on what ISO 27001 offers, organizations shall acquire an accurate understanding of the requirements and the intent of the standard. They shall perform a gap analysis to determine the status of the organization compared to the certification requirements. From top management to front-line staff, all levels of staff shall acquire an appropriate level of understanding of the standard. Top management commitment is a critical success factor. Work to a realistic plan and, not least, ensure strong buy-in from everybody.
HKV offers a full range of improvement-based ISO 27001 training courses and certification services to address your needs.
Apart from due diligence benefits and enhanced credibility through third-party certification, an effective ISO 27001 management system shall deliver the following inherent benefits:
- Sustainable and improving information security performance;
- Platform for information security risk control and improvement;
- Reduction in security breaches;
- Improved staff motivation and information security consciousness; and
- Due diligence and demonstration of information security commitment.
Contact us with your questions or requirements on certification. Refer to the System Certification page for details on ISO 27001 certification.
HKV training courses are designed to offer different levels of staff the opportunity to acquire the necessary knowledge and skills to develop, implement, maintain and improve an effective management system.
Refer to the Training page for details of ISO 27001 training. Contact us with your questions or requirements for in-house training.
International Organization for Standardization Home Page
ISO store (purchase of standards)
ISO/IEC JTC 1/SC 27 IT Security techniques
Hong Kong Accreditation Service
International Register of Certificated Auditors (UK)