Information is the lifeblood of every organisation. It is essential to manage and control the confidentiality, integrity and availability of information, and to authenticate its users. Applying information security principles and controls is how we do this. Information security, as defined by the new version of the International Standard, commonly referred to as ISO27001:2013, goes beyond the obvious IT security focus that most people imagine. It covers information security policy, managing information security, people security, information asset management, information access control, cryptography, physical and environmental security, IT operations security, communications security, system acquisition, development & maintenance, supplier relationships, information security incident management, information security aspects of business continuity management and compliance with relevant laws, regulations, contracts and policies.
Davey Continuity can help you review your current information security controls against the expectations of ISO27001:2013 and provide you with a gap analysis and a clear roadmap to either align you with the standard or take you through to the formal certification audit, if that is your aim. We can also provide the resource and expertise to do the essential work for you. At a more basic level, we can advise you on how to improve your current controls if that is all you are looking for.
Our experience also allows us to advise you on compliance with the UK’s Data Protection Act. This could be in the form of a review of your current procedures and processes and subsequent delivery of a report giving our findings and advising what to do at a practical level should improvements be recommended.