Managing Risks with ISO 27001 Certification



What would you do if:

  1. You received an email demanding £1000 so that you and your staff might regain access to your own computer system (a ransomware attack).
  2. The innovative ideas incorporated into your new product range are already known to competitors, who are incorporating them into their own products (cyber or old-fashioned espionage).
  3. A major marketing launch is being hijacked by a key competitor who already knows your 2019 Marketing Plan in detail (leaked for revenge or for payment).

And do you have any idea of the extent to which you and your business are exposed to such threats?

Importance of Implementing an Information Security Management System (ISMS)

Well and good if your information security is such that the risk of this type of event is both known and acceptably low. Otherwise, you need to consider implementing an ISO 27001 information security management system.

ISO/IEC 27001:2013 is the internationally recognised Standard for an Information Security Management System (ISMS).

An Information Security Management System provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving the protection of information assets. It is built around a risk assessment and the organisation's risk acceptance criteria (that is, the level of risk you are prepared to accept), so that the controls you apply serve your business objectives rather than a generic checklist.

An ISMS is designed to identify, treat and manage risks. Its core loop is: analyse what protection each information asset requires, apply controls appropriate to that requirement, then monitor and review whether the residual risk remains within your acceptance criteria. Following that loop consistently is what makes an ISMS implementation succeed.

Applications of Information Security Management Systems

Because information security initially focused on vulnerabilities in the banking industry, the impression was created that it is only about protecting computer systems. The scope of an Information Security Management System goes far beyond this to include every type of information asset, for example:

  • Contracts and agreements (customers, suppliers, personnel, NDAs, etc.)
  • Infrastructure (technical, IT, premises/facility, utilities, maintenance and servicing)
  • Premises control systems (CCTV, access control, fire alarm, PIR/movement sensors, etc.)
  • Software and applications (what you are working with)
  • Hardware (including printers, desk phones, etc.)
  • Mobile devices (notebooks, mobile phones, etc.)
  • Web sites (internet and intranet)
  • Intangible assets (company reputation, personnel qualifications, experience and skills)
  • Personnel records and all personal data
  • Archives and backups (hard copy and electronic)
  • Operating procedures, analytical methods, test methods and other documentation
  • Certificates, licences and assorted registration documents
  • Authorisation systems (e-signatures, credit/debit card information, banking details, etc.)
  • Business continuity (disaster recovery plans)
  • And more that I can't think of at the moment!

If that list worries you, it should: you truly have a lot to lose.

ISO 27001 implementation will help you and your organisation manage the threats to your business information knowingly rather than by luck. You won't miss not having an ISMS until an information breach or loss gets your company's name all over the media and customers or regulatory authorities start asking questions.

Learn more about ISO 27001

To learn more, read the overview of our ISO 27001 courses, including the ISO 27001 Lead Implementer Course for those wishing to implement an information security management system.

Visit the ISO 27001 Lead Implementer Product Page


Written by Dr John FitzGerald

Director and Founder of deGRANDSON Global. He spent 15 years in the manufacturing industry and 25 years training, consulting on and auditing management systems.
