INFORMATION SECURITY BEST PRACTICE GUIDE
NEVER STOP IMPROVING
Why Information Security?
We have become increasingly dependent on information technology to run our
organisations. At the same time, this technology is being abused to perform illegal
or malicious activities, such as stealing credit card numbers and intellectual
property, illegally transmitting trade secrets and disrupting vital communications.
Increasingly, security breaches and hacking attempts are targeted towards
specific organisations to steal valuable information such as business contracts,
customer lists, industrial secrets and financial data leading to a loss of business,
identity theft and data breaches.
Ultimately, the greatest damage will be to the organisation’s reputation due to
customers losing faith in its ability to protect their personal data.
As security threats grow within the environment we live in, it is becoming
ever more vital for an organisation to have an effective information security
management system (ISMS) in place which includes appropriate controls to help
reduce or eliminate security risks.
“Attacks against small businesses increased by 10% in the past year, costing up to 6% of their turnover.”
Source: The 2013 Information Security Breaches Survey
The best practice elements below should
be considered in order to successfully
implement an Information Security
Management System.
Senior management commitment
It is vital senior management understand and
fully support the information security policies and
procedures within their organisation. They should
be ambassadors who continually demonstrate
the importance of information security to the
entire organisation. Only by having full support
from senior management can all employees
understand their part in the management system
and its continual improvement.
Determine risk and vulnerabilities
The organisation should conduct a risk
assessment to determine what data is critically
important to the needs of the business; this is vital
in order to combat risks to your organisation’s
assets. You will need to identify the assets,
consider the threats that could compromise
these assets, and estimate the damage that the
realisation of any of these threats could cause.
Policies and procedures
Organisations should develop their policies and
procedures based on the vulnerabilities and
threats identified. By recognising the processes
within your organisation, you can select and
implement the controls needed to manage these
vulnerabilities. When placing controls on the
system, care should be taken to ensure
these controls do not become a hindrance to the
very processes the business depends upon.
Information security awareness
It is vital that information security awareness
starts at an executive level and proceeds to be
engrained throughout the whole organisation.
Security policies should be consistent with the
organisation’s culture and therefore should be
rooted deep into its ethos.
A key task for an organisation is to ensure that
its employees understand the importance of
information security and how they play a part in
applying it to their daily working life. Ideally, training
should be conducted by a knowledgeable trainer
who can address social engineering as well as
internet and email best practice.
Continual Improvement
Top management should review the ISMS at
planned intervals. The review should include
opportunities for improving the information
management system, including the security policy
and security objectives with specific attention to
previous corrective or preventative actions and
their effectiveness.
Ultimately, continual monitoring of the
management system and the visibility it provides
enable top-level management and key
stakeholders to improve governance through
ongoing evaluation of critical control factors.
“In 2012, identity fraud incidents increased by more than one million victims (the highest amount since 2009).”
Source: Javelin Strategy & Research
The weapon of choice
ISO 27001 has become synonymous
with information security. This
standard has now been the fastest growing
management system for two years in a
row and has been implemented by over
19,000 organisations. The standard can
be integrated across all business sectors,
regardless of the size and nature of
the business.
As we continue towards a highly
technology-dependent environment, the need to
secure information ever more tightly is apparent.
ISO 27001 is therefore proving to be
the weapon of choice.
What are the benefits of certification?
An organisation can gain a more competitive
edge, increase stakeholder confidence and
profitability, and ensure legal compliance
by obtaining certification to ISO 27001, the
international standard for information security
management systems.
Certification to ISO 27001 should be sought from
a UKAS (United Kingdom Accreditation Service)
accredited certification body.
Accreditation is the formal recognition by UKAS
of the organisational competence of a conformity
assessment body to carry out a specific service
in accordance with the standards and technical
regulations described in its scope of
accreditation.
NQA are UKAS accredited to certify an
organisation to ISO 27001. Certification is the
procedure by which a third party, such as NQA,
gives written assurance that a product, process or
system conforms to specified requirements.
By gaining certification through NQA, your
organisation can demonstrate with credibility
how the security of your information has been
addressed, implemented, properly controlled
and independently audited by a third party
organisation. This will prove your organisation’s
commitment to information security, and will
increase the confidence of your customers,
trading partners and all stakeholders involved.
NQA can help you
NQA is a leading global assessment, verification
and certification body and works in partnership
with a wide range of businesses, government
departments and charitable organisations to help
improve management performance.
NQA has certified organisations to ISO 27001
(Information Security) in a diverse range of sectors
including SmartWater Technology, Barcode
Warehouse and The European Space Agency.
• Customer satisfaction
by giving confidence that their personal
information is protected and confidentiality
upheld
• Business continuity
through management of risk, legal compliance
and vigilance of future security issues
and concerns
• Legal compliance
by understanding how statutory and regulatory
requirements impact the organization and
its customers
• Improved risk management
through a systematic framework for ensuring
customer records, financial information and
intellectual property are protected from loss,
theft and damage
• Proven business credentials
through independent verification against
recognized standards
• Ability to win more business
particularly where procurement specifications
require certification as a condition to supply
“ISO 27001 certification is widely recognized and we regard the Standard as a commercial necessity.”
Senior Systems Manager, Smart Water
“We want our customers to have confidence in us. By seeking certification to ISO 27001 they can rest assured we’ve reached demanding high international standards that enable us to protect their information assets.”
Managing Director, Capito
Let’s talk. Please give us a call or email us today.
NQA, Warwick House, Houghton Hall Park, Houghton Regis, Dunstable,
Bedfordshire LU5 5ZX, United Kingdom
08000 522424 info@nqa.com www.nqa.com/isms
