ISO 27001: Information Security Management

If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.

White House Cybersecurity Advisor, Richard Clarke

Taking care of your data is fundamental to good business practice

  • Every business needs data in order to operate; how well is yours protected?
  • Do you comply with the Data Protection Act 1998?
  • Do you know what might be the consequences of one of your employees losing some important data?

The Information Commissioner's Office advises SMEs to ensure that all electronic copies of their customer information are encrypted, after the owner of a loans company was fined £5,000 when a hard drive was stolen from his car.

At the other end of the scale, NHS Surrey were issued with a £200,000 fine for selling two old laptops on eBay, which contained some 3,000 patient records.

Information security to suit your requirements

You can manage this by implementing an Information Security Management System. BS10012:2009 ("Data protection. Specification for a personal information management system") is the best place to start. We can help you build a secure system based on this standard so that you know the risks and can control them.

At a higher level, particularly if you are already certified to ISO 9001:2008, you may consider implementing ISO 27001:2013. This will integrate well with your existing system and provide your business with the very highest data security profile. We can help you implement a bespoke system to meet your particular needs.


To learn how ISO27001 and Stretton Associates can give your company the data security reassurance it needs

Get your free assessment now

or simply call us on
07968 185210

Still not sure?

Why not take part in one of our awareness training courses and learn how your organisation can benefit.


Training Courses from Stretton Associates
