ISO 27001 Information Security Management
ISO 27001 is internationally known as the standard providing requirements for an information security management system. It enables businesses to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties, and also helps towards GDPR compliance.
The way in which you look after and use corporate information can mean the difference between success and failure for your business. Get it right and you’ll grow your customer base. Get it wrong and the risks and penalties can stop you in your tracks.
ISO 27001 certification demonstrates that your business has systems in place to protect corporate information and data, whether this is online or offline. By gaining ISO 27001, customer and stakeholder confidence is increased and your company’s reputation is improved, allowing you to stand out among competitors.
ISO 27017 Cloud Services Security
Within the 27000 family of standards, ISO 27017 deals with additional security controls specifically related to cloud service providers and their customers.
The objectives of the standard are to provide a security control framework and implementation guidance for both cloud service customers and cloud service providers. It identifies the risks and associated controls to use
- Demonstrates your company has robust controls in place to protect cloud-held data.
- Protects your brand reputation and reduces the risk of adverse publicity due to data breaches.
- Ensures that local regulations are complied with, hence reducing the risk of heavy fines.
- Helps to grow your business by providing common guidelines across different countries.
73% of IT professionals say the biggest obstacle to cloud projects is the security of data
61% of IT professionals believe the security of data residing in the cloud is an executive concern
ISO 45001 Occupational Health and Safety
ISO 45001 is an International Standard that specifies requirements for an occupational health and safety (OH&S) management system, with guidance for its use, to enable an organisation to proactively improve its OH&S performance in preventing injury and ill-health. ISO 45001 is intended to be applicable to any organisation regardless of its size, type and nature.
ISO 45001 enables an organisation, through its OH&S management system, to integrate other aspects of health and safety, such as worker wellness/wellbeing; however, it should be noted that an organisation can be required by applicable legal requirements to also address such issues.
Pre-Assessment Audit
Who needs one?
Any organisation that has implemented a management system and wishes to determine its readiness to undergo a certification audit can seek a pre-assessment audit.
- Identifies any non-conformities and observations so that corrective actions can be implemented.
- Contributes to optimal preparation for the certification audit.
- A company can focus its resources on weaknesses that might lead to non-conformities.
- Depending on the outcome, companies can decide to postpone a certification audit that has already been scheduled or, on the contrary, face the certification audit with renewed confidence.
- Helps companies avoid unnecessary additional costs.
About the Pre-Assessment Audit
A pre-assessment audit will be performed with the same objectivity as a certification audit. The auditor will conduct activities such as reviewing documentation relevant to the ISO certification the company is pursuing, interviewing personnel and process owners, and gathering information to ascertain compliance. All audits will be carried out on site and, as with any audit, a report will be produced to highlight all non-conformities and observations found. This will enable the company to improve its processes where required and allow it to proceed to certification with confidence.