Information is the lifeblood of every organisation. It is essential to manage and control the confidentiality, integrity and availability of information and also to authenticate its users. Applying information security principles and controls is how we do this. Information security as defined in the International Standard, commonly referred to as ISO 27001:2013, goes beyond the obvious IT security focus that most people imagine. It covers information security policy; managing information security; people security; information asset management; information access control; cryptography; physical and environmental security; IT operations security; communications security; system acquisition, development & maintenance; supplier relationships; information security incident management; information security aspects of business continuity management; and compliance with relevant laws, regulations, contracts and policies.
Davey Continuity can help you review your current information security controls against the expectations of ISO 27001:2013 and provide you with a gap analysis and a clear roadmap to either align you with the standard or take you through to the formal certification audit, if that is your aim. We can also provide the resource and expertise to do the essential work for you. At a more basic level, we can advise you on how to improve your current controls if that is all you are looking for.
Our experience also allows us to advise you on compliance with the UK’s Data Protection Act 2018 and the EU’s General Data Protection Regulation (GDPR).