ISO 27001:2005
Demonstrate your commitment to information security
Information is a major asset. In business it supports a multitude of processes, from deals to mergers, projects to employee details. A range of information that is usually meant for company use only can easily be brought into public knowledge. Any disruption in the quality, quantity, distribution or relevance of your information systems can put your business at risk of attack from external sources. That’s why you need to actively manage the security of information systems and business-critical information, not just to assure your employees and stakeholders, but also any customers and partners with whom you share that information.
Make your information safe and keep it that way
The ISO 27001:2005 Information Security Management Systems (ISMS) certification enables you to demonstrate your commitment to information security and customer satisfaction, as well as continuously improving your corporate image. The standard is made up of two parts:
- ISO 17799: Guidance on implementing ISMS.
- ISO 27001: Standard against which ISMS can be certified.
The first step is to define the scope of the ISMS policy. This is critical for identifying the potential dangers you face and deciding on a systematic approach to assessing these risks. A successful ISMS includes standard steps for implementation, operation, review, maintenance and improvement of the system.
The ISO 27001:2005 standard effectively covers eleven sections:
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development and maintenance
- Information security incident management
- Business continuity management
- Compliance
To start with, an assessment is made of how your ISMS has been implemented, to identify the gap against the standard's requirements. After gaps have been filled, the initial audit follows. From the audit, you will receive a report that outlines the key measures needed to receive positive certification. Once no major corrective action is required, you’ll obtain direct certification. Annual compliance audits will follow and the certificate will be renewed every three years as long as systems are maintained.
The benefits of ISO 27001:2005
The reputation of ISO and certification against the internationally recognized ISO 27001:2005 enhance any company’s credibility. It clearly demonstrates the validity of your information and a real commitment to upholding information security. The setup and certification of an ISMS can also transform your corporate culture both internally and externally, opening up new business opportunities with security-conscious customers/clients, in addition to improving employee ethics and the notion of confidentiality throughout the workplace. What’s more, it allows you to enforce information security and reduce the possible risk of fraud, information loss and disclosure.
Organizations certified to BS 7799 will be transitioned to ISO 27001. According to the January 2006 UKAS Transition Statement, companies certified to BS 7799-2:2002 will be given until July 2007 to make the transition.
Why SGS?
Certifying your Information Security Management Systems through SGS will help your organization develop and improve performance.
Your ISO 27001:2005 Information Security Management System certificate from SGS enables you to demonstrate high levels of information security when bidding for international contracts or expanding locally to accommodate new business.
Regular assessment performed by SGS helps you to continually use, monitor and improve your information security management system and processes. This improves the reliability of your internal operations to meet customer requirements, as well as overall performance. You will also most likely gain a significant improvement in staff motivation, commitment and understanding of their responsibility in information security.
To date, hundreds of small, medium and international companies use SGS as their certifying body to perform the audit of their ISMS against the requirements of BS 7799 or ISO 27001:2005, confirming SGS as one of the world’s most preferred certifying bodies for this standard.
Our team of qualified, multi-industry experienced auditors delivers the most professional ISO 27001:2005 certification audits to assist you in meeting your information security and business objectives.