To achieve certification, organisations must first identify the information they process, then undertake a systematic review of information security risks and their potential impact. Once all risks are identified and understood, the organisation must design and deploy appropriate processes and controls to deal with any risks that exceed its risk tolerance.
Vicky Mudge, Information Security Manager, explained: "ISO 27001 provides the specification for an effective Information Security Management System – a framework that offers a structured, comprehensive approach to managing information security risks across the three pillars of information security: people, processes and technology, and takes a risk-based approach to securing information assets. Importantly, the accreditation places a strong emphasis on continual improvement to ensure controls remain effective over time, ensuring standards must be maintained."
"At Birketts we are absolutely committed to protecting client information, and achieving the highly coveted ISO 27001 standard demonstrates our commitment to robust security, ongoing risk management and protecting sensitive information. Achieving certification provides our clients with independent verification of the standard we uphold, giving them confidence and peace of mind in our approach," added Jonathan Agar, Chief Executive Officer at Birketts.