ISO 27001:2013
Information Security Management System


What is ISO 27001?

ISO 27001 for information security management systems requires organizations to apply a risk-based approach to the security of all information. ISO 27001 is not a prescriptive document; rather, it is intended to allow organizations to ensure the security of information by assessing and handling information security risks.

Requirements for the information security management system

Information Security Management Systems (ISMS) require organisations to:
  • identify information security risks
  • understand external & internal issues, and interested parties, relevant to information security
  • develop an information security Policy - typically a one-page document declaring commitment to information security
  • develop a Statement of Applicability, documenting the assessment of identified information security risks and establishing controls (risk treatment) based on reference controls documented at Annex A of ISO 27001
  • develop procedures -- instructions required to address information security
  • control any outsourcing of information management
  • develop and monitor information security objectives and targets
  • embrace information security risks and opportunities throughout the business
  • ensure staff are competent and understand their information security responsibilities
  • monitor information security performance
  • control information security nonconformances and take corrective action for significant or repetitive nonconformances
  • conduct internal audits of the information security management system
  • ensure senior management strategically review the information security management system

Documentation requirements:
  • Information Security Policy
  • Statement of Applicability
  • ISMS or Management Manual
  • Procedures
  • Improvement Plan (monitoring information security objectives and targets)
  • Registers – nonconformances and corrective action.

Benefits of an Information Security Management System:

  • demonstrate due diligence, compliance with regulatory and customer requirements
  • comply with international best security practices
  • comply with tender requirements and stand out from competitors
  • improve the reputation and profile of the company
  • demonstrate data integrity protection to customers, suppliers and other stakeholders
  • reduce the risk of fraud, loss and disclosure of information
  • increased resistance to cyber attacks
  • prompt detection of data leaks and rapid response to violations
  • reduce costs related to information security
  • protect all forms of information, ensuring confidentiality, integrity and availability of data
  • ensured confidentiality in the workplace and improved corporate culture
  • easily integrated with other management systems.

TQCSI Certification Process:
  • contact your TQCSI Office and ask for a quote or apply on-line - TQCSI will need to know what your business does, how many employees (full time equivalent) and what types of information security risks are applicable
  • to prevent delays, don’t wait until your Information Security Management System is fully implemented.
Certification mark of Information Security Management Systems:
