ISO 27001: Information Security System
Today, an important aspect of every business is safeguarding the sensitive personal information of clients and staff. WQS is an experienced ISO 27001 consultancy that can help you gain ISO 27001 accreditation and protect this data.
Records that need protecting include:
- Contact: home addresses and private telephone numbers.
- Financial: salary level, bank account, pension and credit card details.
- DBS check results and any criminal records.
- Medical information.
- Driving license details.
- Lists of clients and suppliers.
- Company processes and trade secrets.
There is a range of practices that can be used to ensure data is protected. These include:
- Entry restriction to buildings, rooms and storage cabinets.
- Password protection for operating systems and electronically stored data.
- Password controls.
- Anti-virus software and system breach logs.
There are four elements to setting up an ISMS (Information Security Management System):
PLAN (Establish the ISMS)
Create an ISMS policy, objectives, processes and procedures.
DO (Implement and operate the ISMS)
Implement and operate the ISMS policy, controls and procedures.
CHECK (Monitor and review the ISMS)
Assess and measure process performance against the ISMS policy, objectives and practical experience.
Report the results to management for review.
ACT (Maintain and improve the ISMS)
Based on the results of the review, implement corrective or preventative actions.
* ISMS = Information Security Management System.