ISO 27001:2013. • Information technology • Security techniques • Information security management systems • Requirements
What is ISO 27001:2013?

ISO 27001 is the international standard that sets out the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of the organization.

It provides organizations a best practice framework to identify, analyze and then implement controls to manage information security risks and safeguard the integrity of business-critical data.

Why is ISO 27001:2013 certification important for my organization?

Information is one of the most valuable and business-critical assets for any organization. In today’s hyperconnected world, organizations are exposed to large scale information security threats and destructive cyber-attacks, regardless of size, industry, or geographical location.

When information security systems are not properly managed and maintained, organizations run the risk of sustaining serious financial and reputational losses.

Ensuring your organization has the right controls in place to reduce the risk of serious data security threats and avoid any system weaknesses from being exploited is no longer an option.

This is especially so since the publication of the EU General Data Protection Regulation, which places more stringent requirements and harsher fines and penalties on organizations in the event of data breaches.

An effective system provides protection against the known - and more importantly - unknown threats. It challenges us to look at our own vulnerabilities and ask ourselves whether we have confidence in our controls.
Rob Acker, LR Information Security Technical Manager
Lloyd’s Register ISO 27001:2013 | 01
How to safeguard your organization from cyber attacks

Minimize risk
Ensures controls are in place to reduce the risk of security threats and to avoid any system weaknesses being exploited. Your ISMS is part of a business continuity plan which means you’re in a good position to recover quickly should the worst happen.

Best practice
Widely recognized as providing best practice guidance in information security management.

Stay within the law
Compliance requires you to identify applicable legislation, which has a positive impact on risk management and corporate governance.

Competitive edge
Certification by LR gives your customers, trading partners and other key stakeholders confidence that you have addressed all security risks including IT, people, physical and business continuity. It is a public and independent statement of your capability, which may help when responding to tenders.

Management system integration
The basis of the standard is the Plan Do Check Act cycle in common with other management system standards, making it simpler for you to develop a single management system that meets the requirements of other standards.

Reduced costs
Following a methodical risk assessment approach ensures that resources are applied to reduce overall risk, rather than just focusing on one aspect which can leave other areas exposed.
LR’s unique assessment
methodology helps you manage your systems and risks to improve and protect the current and future performance of your organization.
We are recognized by almost 50 accreditation bodies and deliver our services to clients in more than 120 countries.

Our unique assessment methodology takes your management systems from compliance to performance, in order to reduce business risk, and enhance the effectiveness, efficiency, and continuous improvement of your management systems.

Our information security services

We provide a range of online and face-to-face assessment services suitable for organizations of all sizes and locations, and can help you make the most of the standards.

Certification
This is typically a two-stage process consisting of a system appraisal and an initial assessment, the duration of which is dependent on the size and nature of your organization.

Your business development manager will design a solution to meet your specific needs while our assessors will be open, helpful and take a practical approach. This is one of the many ways we add value to the assessment process.

Gap Analysis
This assessor-delivered activity offers the opportunity to focus on critical, high-risk or weak areas of your system in order to create a certifiable system. It can also look at how existing management systems or procedures can be used within your chosen standard.

Whether you are in the early stages of implementing your management system or looking to go for a ‘dry run’ before the assessment visit, the scope of the gap analysis can be decided with your business development manager or assessor and gives you flexibility in choosing the visit scope and duration.

Surveillance
Once we’ve approved your ISMS, we carry out regular surveillance visits where we check its ongoing effectiveness. This gives you, and your top management, the assurance the management systems are on track and continually improving.

Integrated management system assessment
Companies looking to combine their management system with an existing management system (such as quality) can benefit from a co-ordinated assessment and surveillance program. This service is continually being developed.

Our expertise
LR has been at the forefront of standards development and involved in information security management system (ISMS) assessment and certification for many years.

Our roster of high-profile clients in the finance, telecommunications, software, internet, consultancy, justice and government sectors, trust LR to deliver high quality, consistent and impartial assessments with the full back-up of a highly dedicated support package.

Our assessors are management systems experts qualified in information security and other aspects of IT, whose objective view will give you confidence in your own security measures as judged against best industry practice.

About us
LR is a recognized, world leading professional assurance services organization. We specialize in management systems compliance and expert advice across a broad spectrum of standards, schemes and business improvement services including customized training and assurance programs.
Get in touch

Lloyd’s Register
1330 Enclave Parkway, Suite 200
Houston, TX 77077
United States

W lrqausa.com
E inquiries-usa@lr.org
T 866 971 5772
Care is taken to ensure that all information provided is
accurate and up to date. However, Lloyd’s Register accepts no responsibility for inaccuracies in, or changes to, information.
Lloyd’s Register is a trading name of Lloyd’s Register Group