As organisations have become more connected with increased information flows productivity has improved dramatically. The flip side to all this is that we are now more reliant on this data and information than ever before. If our organisations data becomes corrupted, destroyed or falls into the wrong hands it can have serious commercial and legal consequences. 

The adoption of an information security management system is a strategic decision for an organisation; it demonstrates a commitment to managing information appropriately and responsibly. 

Certification to ISO27001 provides you with an independent endorsement that your commitment to information security meets international standards. Clients, partners and other stakeholders can have confidence that your systems to protect information are appropriate, effective and have been audited regularly. Certification to ISO27001 may help you access markets, grow your client base and improve your systems. 

That’s where Compass Assurance Services comes in. We get it. 

What is the ISO 27001 standard all about? 

The ISO 27001 standard provides a framework for the development of information security management systems. The standards include requirements for the assessment and treatment of information security risks tailored to the needs of the organisation. It’s not all about risk though. The standard also addresses opportunities that may present themselves and provides a mechanism for highlighting and capitalising on these. The requirements of the standard are generic and intended to be applicable to all organisations regardless of the size or what type of business you operate. 

Determining the scope of your Information Security Management is an important initial consideration as is gaining a sound understanding of the needs and expectations of your stakeholders. 


Why does and organisation need to manage its information security? 

Information Security Systems developed under ISO 27001 are designed to preserve the confidentiality, integrity and availability of information by applying a risk management process. The adoption of these processes gives you, your employees, regulators and clients the confidence that your information security risks are known and adequately managed. 

Eliminating all information security risk from your business is probably not achievable. The controls adopted should be proportional to the level of risk. One could implement very onerous controls in order to bring risk ratings down to a bare minimum only to find that we are no longer able to conduct business effectively. The key to it all is balance, and an awareness of what risks are out there. 

Compass Assurance Services has experienced auditors with practical experience; we are able to work through the process, and the risk methodologies and controls you have applied to managing information security. 


In summary, what are the benefits of ISO 27001 certification to my business? 

  • With the adoption of the standard you will gain an in-depth appreciation of the current and potential security threats that could severely undermine your business and/or the data and information of you and your clients. 
  • You will have confidence that your processes to address your regulatory and legal obligations are appropriate 
  • You will have gained a powerful marketing tool, which may help you win new clients, enter new markets or put you in a different league to that of your competitors. 

You will have gained significant insights into how your business manages one of its most valuable commodities – information.