ISO 27001

Data – "information" – is increasingly an extremely valuable asset of any business and consequently it is crucial that it is kept secure. Effective IT security is a critical part of this because much information is now stored or processed by IT systems, however these are not the only areas of information risk to an organisation. In order to properly identify and minimise risks it is advisable, and increasingly the norm, for businesses to have an information security policy as part of an Information Security Management System (ISMS).

An ISMS is how a business manages its’ information in a way that ensures that it remains secure (which means available, confidential and uncorrupted) and encompasses people and processes as well as IT systems. It is likely that in due course businesses, in keeping with Public Services and Government will be legally obliged to conform to a minimum standard of ISMS and without which they may not be able to obtain insurance protection against many information threats. It therefore makes good sense to consider how an ISMS may best work for your organisation and Meritec can help with that.

The international standard ISO27001:2005 provides a framework for how such a system should be implemented and for those organisations of a size where it is justifiable compliance with this accreditation is of high value. Meritec holds this accreditation and is consequently well placed to help organisations to understand, prepare for and gain compliance. However many businesses will rightly feel they cannot justify the time and other overheads needed to gain such compliance nor do they necessarily need it in full. For these customers Meritec provides services to help them implement an Information security system appropriate for their individual needs based on good practice from ISO 27001. This facilitates a cost effective way of making the organisations’ information (including IT systems) more secure.