ISO/IEC 27001 requires that the company systematically examines its business and information security risks, taking account of the threats, vulnerabilities and impacts, and then designs and implements a coherent and comprehensive suite of information security controls or risk treatment to address those risks that are deemed unacceptable. Finally, it requires the adoption of an overarching management process to ensure that the information security controls put in place continue to meet the organisation's information security needs on an ongoing basis.
“We are delighted with this result and I know that it has required a high degree of hard work and commitment from the entire company. ISO/IEC 27001 formally specifies a management system designed to bring information security under explicit management control, it encompasses people, processes and IT systems,” explained Steve Haworth, CEO of TeleWare Plc. “Being a formal specification means that it mandates specific requirements that TeleWare have now adopted. This is not a single shot certification, it means that, ongoing, we are committed to being formally audited and certified compliant with the standard. We are very proud to have achieved this certification,” added Haworth.
ISO/IEC 27001, part of the growing ISO/IEC 27000 family of standards, is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).