INFORMATION SECURITY MANAGEMENT SYSTEMS ISO 27001: 2013
OVERVIEW
ABOUT BM TRADA
Data and information security is increasingly important in managing the risk of fraud or information loss, corruption or theft.
BM TRADA, part of the Element Group, specializes in providing a comprehensive range of independent testing, inspection, certification, technical and training services. We help organizations to demonstrate their business and product credentials and to improve performance and compliance.
There are three core principles involved in information security: confidentiality, integrity and availability. Creating an information security management system (ISMS) with ISO 27001: 2013 will identify the risks your business faces and ensure that you have the appropriate controls in place. It will enable you to demonstrate information governance whilst giving your clients confidence that their data is totally secure. ISO 27001 is particularly important to companies whose information is sensitive and critical – such as IT, finance, health and public agencies – and those managing information on behalf of others.
We exist to help our customers to make certain that the management systems, supply chain and product certification schemes they operate are compliant and fit for purpose. We offer certification to businesses in over 70 countries to ISO 9001, ISO 14001, ISO 50001, ISO 45001, ISO 27001, FSC™ A000503, PEFC, RSPO and UTZ.
BENEFITS OF CERTIFICATION Certification to ISO 27001 helps protect your business from increasing cyber threat and verifies that you properly identify, assess and manage security risks. It shows your customers that they can rely on the integrity of your information security practices, that you meet corporate governance and business continuity requirements and that you comply with relevant regulation, legislation and industry mandates.
bmtrada.com
INFORMATION SECURITY MANAGEMENT SYSTEMS ISO 27001: 2013
HOW TO ACHIEVE CERTIFICATION
01 APPLICATION AND REVIEW
04 CERTIFICATION
Complete the BM TRADA ‘request for quote’ form. This allows us to accurately define your certification requirements.
You will be issued with a certificate and certification marks, provided all requirements are met. Certification is valid for three years and is maintained through a program of annual surveillance audits. A recertification audit takes place in year three before the certificate expires.
02 GAP ANALYSIS An optional gap analysis can be undertaken before the certification audit to identify any gaps that might prevent or delay certification. Typically this can be completed in one day. 03 INITIAL CERTIFICATION AUDIT
FOR FURTHER INQUIRIES Please contact t: +44 (0)1494 569 745 info.highwycombe@bmtrada.com
The audit includes two mandatory stages. Stage one includes: · Documentation review · Site specific evaluation · Review of status and understanding of the standard · Review information regarding the scope of the management system · Evaluation of internal audits and management reviews. Stage two includes: · Review of information and evidence to ensure conformity to all standard requirements · Evaluation of implementation and effectiveness of the management system in meeting applicable statutory, regulatory and contractual requirements · A sample audit of processes, activities and operational control · A written report on the audit findings and non-conformances that need to be addressed.
Element is one of the fastest growing testing, inspection, certification and calibration businesses in the world. Globally we have over 7,000 brilliant minds operating from 200 sites across more than 30 countries. Together we share an ambitious purpose to ‘Make tomorrow safer than today’.
bmtrada.com