Information Security

Management system for information security to ISO/IEC 27001 (Requirements) which follows ISO/IEC 27002 (Code of Practice)


  • Identification of risk areas and their evaluation
  • Security policy and its controls
  • Technical security of IT-Systems
  • Organisational security (control of information)
  • Processes are integrated in one information security management system (ISMS)
  • Systematic improvement of information security through an ISMS
  • Ensuring business continuity

The question of which factors are considered most critical when implementing the ISO 27001 standard, particularly with respect to ISO 27002, is one which is raised frequently. However, guidance on this actually provided within the standard itself, which indicates that these are:

  • security policy, objectives and activities that properly reflect business objectives
  • clear management commitment and support
  • proper distribution and guidance on security policy to all employees and contractors
  • effective "marketing" of security to employees (including managers)
  • provision of adequate education and training
  • a sound understanding of security risk analysis, risk management and security requirements
  • an approach to security implementation which is consistent with the organizations own culture
  • a balanced and comprehensive measurement system to evaluate performance in IS management and feedback suggestions for improvement


Print Email

Cookies facilitate the provision of our services. By using our services, you agree that we use cookies.