Executive Briefing

It’s never been more important to protect the information in your organization. Cyber-attacks have become more prevalent and sophisticated, supply chains are more complex, and the volume of important information handled by organizations continues to increase. If you don’t make sure your information is secure, you could risk financial penalties or fines. You just can’t afford not to have a system in place to protect the information in your business. ISO/IEC 27001 helps you manage information so it remains safe and secure, so you can build a responsive and resilient business.

ISO/IEC 27001:2013

The costs and disruption caused by incidents where information security has been compromised continue to soar and can be hugely damaging.

A security breach will cost an organization almost $1m on average*

ISO/IEC 27001 can help protect your organization and reduce risk by putting in a robust and systematic approach to managing information. With this standard in place BSI clients have discovered the following business benefits:

• 80% say it inspires trust in our business

• 75% say it reduces business risk

• 71% say it protects our business

When you implement ISO/IEC 27001, it can help protect your reputation, save money, achieve compliance, and reduce risks. By embracing the standard and putting in place effective processes you will send a clear signal to clients, employees, and other stakeholders that you are serious about information security.

Here is how ISO/IEC 27001 can help your organization.

Bringing information security into the heart of your business

It raises the importance of information security in your organization and ensures it supports your business strategy and objectives. It’s really a business management tool which helps you understand what information you have, where it is, and most importantly, how you protect it. It’s the most effective way of managing your information and can save you from costly fines and losses.

Helps you win more business and protects your reputation

ISO/IEC 27001 clearly demonstrates that you take information security seriously. It helps reassure customers and suppliers that you have identified risks and have best practice in place to control and minimize these. It helps to differentiate your organization, satisfy tender or supply chain requirements and expand into new markets. And it protects you from the adverse publicity that comes with security breaches.

Led from the top – one organization working together

ISO/IEC 27001 requires commitment and involvement from your leadership team.

Top management are responsible for the system’s effectiveness and for making sure the whole organization understands how they contribute to the Information Security Management System (ISMS). Recent trends show that people are as likely to cause a data breach as viruses and other types of malicious software. Creating a culture in which the importance of information security is promoted and embraced avoids confusion and provides clarity.

Helps you identify risks and improve

You’ll need to identify and manage risks relevant to your ISMS and continually evaluate its effectiveness. This is particularly important when technology is constantly changing and new threats can arise suddenly. You will need to evaluate the effectiveness of the controls you put in place to manage risk and make sure they are proportionate to the potential impact on your business. This will help to keep your organization resilient and optimize the performance of your ISMS.

Top tips on making ISO/IEC 27001 effective for you

Every year we help tens of thousands of clients. Here are their top tips.

  • Top management commitment is key to making implementation of ISO/IEC 27001 a success.

    They need to be actively involved and approve the resources required.

    “The earlier that organizations talk to senior managers, the better it will go for them so have those discussions early”.

  • Think about how different departments work together to avoid silos.

    Make sure the organization works as a team for the benefit of customers and the organization.

    “The key to implementing the standard lay in getting staff to think about information security as an integral part of the daily business and not as an additional burden”.

  • Review systems, policies, procedures and processes you have in place.

You may already do much of what’s in the standard; make it work for your business. You shouldn’t be doing something just for the sake of the standard. It needs to add value.

    “Don’t try and change your business to fit the standard. Think about how you do things and how that standard reflects on how you do it, rather than the other way around”.

  • Speak to your customers and suppliers.

    They may be able to suggest improvements and give feedback on your service.

    “Certification allows us to go one step further by offering our customers the peace of mind that we have the best controls in place to identify and reduce any risks to confidential information”.

  • Train your staff to carry out internal audits of the system.

    This can help with their understanding, but it could also provide valuable feedback on potential problems or opportunities for achievement.

    “The course was loaded with practical exercises and real-case scenarios and was structured in a way that it encouraged participants to be interactive and share their experiences in information security”.

  • And finally, when you gain certification, celebrate your achievement and use it on your literature, website and promotional material.

Ready to talk?