ISO 27001

Information Security Management Systems (ISMS)


There is no legal requirement to attain this standard, nor is there a requirement to use an external body to assist you with the process. The only “must” is that the standard must be assessed and awarded via a UKAS-approved certification body, of which there are a number of choices.




The latest version of ISO 27001 was released in October 2013 and was an early adopter of the Annex SL framework, which has now been adopted by ISO 9001 and ISO 14001.


Drivers for Accreditation

Each Organisation will have its own particular reasons for wishing to attain the current ISO 27001 Standard. At EBM we recognise and respect the various reasons, and we recommend that, whatever the driver, the approach should be to embed the Standard within the Organisation.


Touch Points
  • Context of the Organisation

  • Leadership

  • Planning Risk Management

  • ISMS Policy & Objectives

  • Resources

  • Competencies

  • Communication

  • Operational Planning & Control

  • Documented Information

  • Performance Evaluation

  • Improvement


Benefits - Examples


  • Keeps confidential information secure.

  • Demonstrable management of risk.

  • Allows for secure exchange of information.

  • Allows you to ensure you are meeting your legal and regulatory obligations.

  • Provides you with a competitive advantage.

  • Requirement from an ever-increasing number of clients.

  • Consistency in the delivery of your service or product.

  • Builds a culture of security.

  • Protects the company, assets, shareholders and directors.

  • Improved corporate image.

  • Fast tracks many tendering processes.