If you are considering ISO 27001 certification for the first time, then this article is for you. It outlines the standard's requirements and how they fit into the PDCA (Plan-Do-Check-Act) cycle.
It seems that every day another information security incident makes the news. Because of that, organisations are increasingly looking to implement ISMS (information security management systems) to preserve the confidentiality, integrity and availability of their information.
There are several models that may be used as a basis for an ISMS, but the ISO 27001 standard is fast becoming the model specified in tender invitations, etc. It is an international standard that specifies requirements for an ISMS and enables organisations to seek formal certification. Achieving and maintaining certification provides a definite statement of intent and a strong assurance to clients and other interested parties.
The PDCA cycle
The PDCA cycle is a key principle behind all modern ISO management system standards - and ISO 27001 is no exception. This is how the 4 quadrants of the cycle relate to its clauses and required controls:
- PLAN - This relates to clauses 4 to 7: Context of the organisation, Leadership, Planning for the ISMS, and Support
- DO - This relates to clause 8: Operation - and all controls listed in the standard's Annex A. The Annex lists objectives and controls to be considered and addressed as applicable. These form a major part of any ISMS based on that standard.
- CHECK - This relates to clause 9: Performance evaluation
- ACT - This relates to clause 10: Improvement
We have produced the article linked below to provide you with an introduction to the standard and how it fits into the cycle. It includes a brief, plain-English summary of the various requirements.
Qudos and its partners can provide a range of gap analysis and certification audit services to meet your information security management needs.
Contact us if you would like to know more about getting ISO 27001 certification for your organisation.