What is ISO 27001?

Your organisation almost certainly stores and handles information and data, even if it’s just phone numbers in a notebook. Once you create a record, you have an obligation to protect its security. Failure to do so leaves you vulnerable to breaches and even prosecution.

ISO/IEC 27001:2013 (normally just known as ISO 27001) is the international standard for Information Security Management Systems (ISMS) and helps you manage this challenge.

It’s not just about cyber security. It allows you to take control of the security of information in whatever form it’s held and however it’s transmitted – on paper, electronically, by post or email, shown on films or even spoken in conversation. Whatever form it takes, or means by which it is stored and shared, the standard helps to make sure it’s always appropriately protected to assist with the preservation of:

Confidentiality – ensuring that access to information is appropriately authorised

Integrity – safeguarding the accuracy and completeness of information and processing methods

Availability – ensuring authorised users have access to information when required

Why choose ISO 27001?

  • Protects your organisation – Improves defences to reduce the risk of information security breaches including identity theft.

  • Limits damage – Minimises the chance of accidental leaks.

  • Embeds best practice – Demonstrates credibility and trust by reassuring customers, employees and all stakeholders that information and systems are secure.

  • Reduces errors – Minimises the chance of accidental leaks.

  • Relevance and accuracy – Introduces discipline in managing quality of stored information to ensure it is relevant and accurate.

  • Authorisation – Controls who can access and modify information, reducing the likelihood of a security breach and so leaving you less susceptible to lost business and fines.

  • Compliance – Enhances compliance by helping ensure relevant laws (including GDPR), regulations and contractual requirements are met.

  • Win new business – ISO 27001 certification gives a competitive edge to help you win more business.




Like other ISO management system standards, certification to ISO/IEC 27001 is possible but not obligatory. Some organizations choose to implement the standard in order to benefit from the best practice it contains, while others decide they also want to get certified to reassure customers and clients that the standard's recommendations have been followed. ISO itself does not perform certification.


Many organizations around the world are certified to ISO/IEC 27001. To find out more, visit the ISO Survey.