Information is the lifeblood of every organisation. It is essential to manage and control the confidentiality, integrity and availability of information and also to authenticate its users. Applying information security principles and controls is how we do this. Information security as defined in the International Standard, commonly referred to as ISO/IEC 27001:2022, goes beyond the obvious IT security focus that most people imagine. It covers organisational, people and physical controls as well as technological ones, through a total of 93 controls that can be adopted to treat the information security risks you face.
Davey Continuity can help you review your current information security controls against the expectations of ISO 27001:2022 and provide you with a gap analysis and a clear roadmap to either align you with the standard or take you through to the formal certification audit, if that is your aim. We can also provide the resource and expertise to do the essential work for you. At a more basic level, we can advise you on how to improve your current controls if that is all you are looking for.
We are fully versed in the 2022 version of the standard and how to transition from the 2013 version. If you need to transition, or are looking to newly certify against the 2022 version, then please do get in touch.
Our experience also allows us to advise you on compliance with the UK’s Data Protection Act 2018 and the EU’s General Data Protection Regulation (GDPR).