ISO27001 Information Security

Beeches Consulting specialises in helping organisations to rapidly and cost-effectively achieve ISO27001 certification.  We have run ISO programmes for global $multi-billion organisations as well as many UK based SMEs.  With the current serious concerns surrounding corporate cyber-attacks with ransomware attacks being increasingly common outcomes, we are well placed to help you protect your business cost-effectively. 

Solid Cyber Security disciplines within an organisation will reduce the risk of cyber-attacks and protect against the unauthorised exploitation of your systems, networks and technologies. ISO 27001 is the internationally recognised approach to implementing Cyber Security disciplines and can support a wider range of Information Security related compliance requirements including GDPR. 

Information is many organisations most valuable resource which can either make or break your business. Increasing threats mean that ensuring you understand what is required to protect, control and maintain the Confidentiality, Integrity and Availability of your information is now a key challenge facing most organisations.

This is ever more important for many organisations now facing new challenges associated with changes to working practices following the pandemic and how these changes and the so-called ‘human firewall’ is being exploited by increasingly sophisticated cybercrime networks. Most ransomware attacks start via a phishing attack so make sure your team isn’t your weakest link.

ISO27001 is an internationally recognised specification for a framework for managing information security. It comprises an Information Security Management System (ISMS) designed to address the complete information security requirements and management approach to information security within an organisation. Certification to ISO27001 is recognised worldwide as an indication that your ISMS is aligned with Information Security Best practice.

Implementation of an ISO27001 ISMS

At Beeches Consulting we have helped many UK and global organisations achieve ISO27001 certification.  The implementation follows three key stages as follows:

  1. Create the ISMS framework, detailing the strategy, aims and objectives for Information Security within the organisation. This framework must reflect the context of the organisation and have widespread support. Beeches Consulting helps you obtain this support from the board level downwards.
  2. Identify the Information Security risks faced by the organisation. Via a methodical audit of security risks, Beeches Consulting will help to identify risks and appropriate action plans to deal with them as required.
  3. Select and implement controls to mitigate risks. Controls may include policies, changes to working practices, new procedures, software implementations or changes to physical structures. The controls needed and the approach to implementing them will vary by organisation.

Achieving ISO certification 

Once all the requirements of the ISO 27001 standard have been met, we then apply, with you, for certification via a UKAS accredited certification body. The above work will have prepared your organisation for the ISO audit which the certification body carries out in three stages (and we will fully support you through this process):

Stage 1Stage 2Stage 3

Stage 1 – documentation review, including the policy, Information Security Management system, risk assessment, risk treatment plan, the Statement of Applicability and security policies, procedures and controls. They will also undertake a review of the identified controls you have implemented to ensure they are appropriate to the size and nature of your organisation.

Stage 2 – this will be a more involved audit to ensure what happens in practice follows your documented procedures and that appropriate records are being maintained. Following a successful audit, a certificate of registration to ISO 27001 will be issued.

Stage 3 – is the process of ongoing audit, known as surveillance visits. These are carried out by your selected certification body once or twice per year to ensure the procedures are being maintained.

Clients

Logos 01
Logos 02
Logos 03
Logos 04
Logos 05
Logos 06
Logos 07
Logos 08
Logos 09
Logos 10