ISO 27001


What is ISO 27001? 

Information is an asset that needs to be protected.  The characteristics that require protection are confidentiality (ensuring that information is accessible only to those authorized to have access), integrity (safeguarding the accuracy and completeness of information and of the methods used to process it) and availability (ensuring that authorized users have access to information and associated assets when required).

An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure.  It encompasses people, processes and IT systems.  ISO 27001:2005 is the international requirements standard for an ISMS: it states what an organization must do to establish, operate, monitor and improve its ISMS, and it is the standard against which an organization is audited and certified.  It is intended to be used in conjunction with ISO 17799 (since renumbered as ISO/IEC 27002), the Code of Practice for information security management, which lists security control objectives and recommends a range of specific security controls.

Why implement ISO 27001 

ISO 27001 provides a way to manage security as a whole.  Security management in most organizations is done in a piecemeal fashion, leaving significant oversight gaps.  For example, when a change is proposed, its security risks are not evaluated; likewise, when a new server is deployed, the security policies of the various functions involved are not coordinated.  Managing the entire security system as an integrated process ensures that such gaps are recognized and that risks are identified and appropriately controlled.  The standard defines a management structure and provides a comprehensive set of controls.  In essence, it provides a roadmap for a coherent approach to security management. 


Specific Benefits of ISO 27001:

All organizations, large and small, need to protect their private information from hackers, industrial espionage, and indiscreet use and dissemination.  Security becomes even more vital for:

  • Organizations with fiduciary responsibilities to their clients – stock brokerage,  …
  • Organizations with high-value intellectual property, such as pharmaceutical and software companies
  • E-business organizations
  • Organizations handling sensitive customer data (medical industry)
  • Data processing organizations

For all these organizations and situations, ISO 27001 provides a system for managing information security.  Firstly, it requires that risks be systematically identified, evaluated and treated, so that potential exposures are minimized.  Secondly, certification by an accredited registrar provides assurance to clients that the organization's security practices conform to an internationally recognized standard. 


How can EuroQuest Help?

Our team provides ISO 27001 consulting, auditing, and training services to companies of all sizes and in all industries.  We provide our clients with risk mitigation advice and benchmark them against ISO 27001, ITIL and ISO 20000, ISO 9001, Basel II, FSA regulation, Sarbanes-Oxley, and PAS 56.  We assist clients to achieve ISO 27001 compliance and / or registration.  Our solutions help companies leverage their resources to add value throughout the company.  Whether you are looking for a small amount of guidance or a complete turn-key system, we can help.  We measure our success by your improvement.

Phone: 770-395-0124 or 800-355-3876 • Fax: 770-395-0737
Email: mail@euroquest.net • www.euroquest.net