Mitigate the information security and privacy risks you identify.

What is ISO 27001 and ISO 27701? 

ISO/IEC 27001 is a globally recognised information security management standard. It provides a flexible framework that you can apply to your business in order to build an Information Security Management System (ISMS). ISO/IEC 27001 is primarily a risk management tool. Information security risk assessment and treatment are core to the standard, and the controls you will implement in your organisation – policies, procedures, asset and risk registers – will enable you to mitigate the information security risks you identify 

ISO 27701 contains Security techniques and is an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management requirements and guidelines. It also specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization. 

What do I need to achieve compliance?  

Commitment of senior management is the core requirement for ISO 27001 and ISO 27701. Aside from approving the time and budget required for the mechanics of implementing the ISMS, senior management must ensure – by providing resources and prioritising staff time appropriately – that the controls produced by the implementation process are embedded in the normal operation of the organisation.  

You will then need to define the scope of your ISMS and PIMS, carry out the necessary risk assessments, and construct and implement the set of controls that will allow you to operate effectively and securely.  

The members of staff within the scope of the ISMS and PIMS will also need to spend time reading and understanding the various documents that make up the ISMS and PIMS, and to use them on a day-to-day basis.  

Finally, you must implement a regime of continual improvement: information security and privacy risks do not stand still, so an ongoing regime of reassessment and improvement is vital to remaining compliant. 

How we can help 

Grant Thornton Cyprus ISO 27001 and ISO 27701 specialists will arrange and oversee the formal audit process. The dedicated team of specialists will define and implement a regime of continual improvement and assist your organisation to be ready for the audit by a Certification Authority.  

DIGITAL RISK

ISO 27001 brochure