Get a FREE & FAST quote for our services

What service do you require?

Call for a quote on +44 (0)845 548 9001

Requirements of the ISO 27001 standard

What is the certification process?

Contact us


What is ISO 27001?

ISO 27001 is a specification for the management of information security. It is applicable to all sectors of industry and not confined to just information held on computers. Information may be printed or written on paper, stored electronically, transmitted by post or email, shown on films, or spoken in conversation.

What does information security cover?

– Confidentiality, ensuring that access to information is appropriately authorised
– Integrity, safeguarding the accuracy and completeness of information and processing methods
– Availability, ensuring that authorized users have access to information when they need it

Why apply for ISO 27001 certification?

The objective of ISO 27001 certification is to ensure that there are adequate confidentiality, integrity and availability controls in place to safeguard the information of interested parties. These include clients, employees, trading partners and consumers.

Unprotected systems are vulnerable to an array of threats, including computer-assisted fraud, sabotage and viruses. Such threats can be internal or external, accidental or malicious. Breaches in information security can allow vital information to be accessed, stolen, corrupted or lost.

Information is now globally accepted as being a vital asset for most organisations. Therefore the confidentiality, integrity, and availability of corporate and customer information may be essential to maintain competitive edge, cash-flow, profitability, legal compliance and commercial image.

What are the benefits to your company of ISO 27001 certification?

The ISO 27001 standard is intended to assist with these risks. It is easy to imagine the consequences and damage to a brand or organisation if its information was lost, destroyed, corrupted, burnt, flooded, sabotaged or misused.

An information security management system compliant to ISO 27001 can help you demonstrate to clients and suppliers that you take information security seriously. You will gain a competitive advantage; an ever-growing number of companies require certification to ISO 270001 as a prerequisite for doing business.

You will be able to make a public statement of capability without revealing your security processes. And by ensuring controls are in place, you reduce the risk of security threats and prevent systems from being exploited.

Whatever the media the information takes, or means by which it is shared or stored, the ISO 27001 standard assists in providing a system approach an organisation ensure it is always appropriately protected.

  • Demonstration of credibility and trust
  • Proven business credentials
  • Establishes that laws and regulations are being met
  • Openings in new markets
  • Ensures commitment to on-going information security
  • Customer satisfaction
  • Provides confidence to stakeholders, customer, trading partners, employees

Requirements of the ISO 27001 standard

The main requirements of the standard can be categorised as follows:

  • Security policy
  • Communications and operations management
  • Organisational security
  • Access control
  • Asset classification and control
  • System development and maintenance
  • Personnel security
  • Business continuity management
  • Physical and environmental security
  • Compliance with legislation
  • Systematic approach
  • Demonstrate conformity against specific targets and objectives
  • Improved management of environmental risk
  • Increased credibility from an independent assessment
  • Continual improvement which helps drive more efficient use of raw materials and enhanced performance leading to cost reductions.

What is the certification process?

The certification process is in three simple steps:

Application for certification

Complete the on line form for GlobalGROUP to send a quotation.

Initial Certification Audit

The assessment process is based on a 2 stage approach as follows:

Stage 1 – a basic audit to check whether the organisation is in a state of readiness for the stage 2 audit and involves the following:

  • Confirm that the quality manual conforms to the requirements of the ISO 27001
  • Production of a report that identifies any non-compliance or potential for non-compliance and
  • Confirm the scope of certification including any justifiable exclusions
  • Production of an assessment plan and confirm a date for the stage 2 assessment visit.
  • Check legislative compliance
  • Agree a corrective action plan if required.

Stage 2 – the purpose of this visit is to confirm that the quality management system fully conforms to the requirements of ISO 27001 in practice and involves the following:

  • Undertake sample audits of the processes and activities defined in the scope of assessment
  • Produce an audit programme and confirm a month and year for the first surveillance visit
  • Document how the system complies with the standard
  • Report any non-compliances or observations

Contact us

For more information about ISO 27001 please contact us by phone or email. We will be pleased to assist you.

Fixed Price Quotations

GSCS quotations are fixed at the same level for 3 years, inclusive of all travel time & expenses

International & National Accreditations

GSCS has international accreditations and local accreditations where this is a requirement

International Network

GSCS has 44 international offices across 5 continents and dealing locally with 15 languages

Competent Personnel

GSCS has 44 international offices across 5 continents and dealing locally with 15 languages

Certificate Validation

GSCS has an on-line system that allows the public to validate the authenticity of certificates


GSCS has a blog and social media team in place in order to keep clients up to date with changes


Get our certification email newsletter

No spam, just relevant info