ISO 27001 was developed to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.” It is a platform/technology neutral framework, designed around how organisations manage IT risks and systems.
To achieve ISO/IEC 27001:2013 compliance there are seven areas companies need to manage, all of which are examined as part of the certification process: the context of an organisation, leadership, planning, support, operational planning and processes, evaluation process and improvements.
Certification establishes a higher trust rating between organisations of different sizes since IT infrastructure will carry the same security requirements, making it easier to transfer and store sensitive information.
This award reflects IMD’s overall commitment to information security and provides independent verification that the organisation has met the rigorous assessment criteria. It is part of our drive to continuously improve services, products and internal processes to guarantee strict data governance.
The award of the ISO 27001 standard compliments the recent certification of our IT infrastructure under the Cyber Essentials Plus programme, demonstrating our commitment to industry best practice in the Secure Environment. It also adds an additional certification to our portfolio alongside our existing ISO 9001 standard.
On receiving the certification, Operations Director, Graham Joyce commented, “Earlier this year we made the decision to formalise our wealth of expertise within an information management security system and seek certification against the international standard.
As well as providing a framework for best practice and continuous improvement, the certification provides us with additional credibility as we move into the Cyber Security and Secure Government markets. It will also facilitate our aim to move towards prime contracts with existing Defence clients and provide external verification that we not only have the best tools but are able to implement, manage and support those tools for all of our clients to the highest standard.”