INFORMATION SECURITY CERTIFICATION

Safeguard your company’s information and prove your information security

BUSINESS CHALLENGE

Many types of organisations are dependent on fast moving and frequently updated information in today’s environment of increasingly electronic communication. Information security is not just for IT companies though, it covers all information, so any organisation that has sensitive data or critical information stored or transferred in any medium, whether it is physical, written, spoken, emailed, app generated or completely cloud based, should consider applying the rigorous information risk methodologies laid out in the ISO 27000 series. It is not just large companies, small and medium sized enterprises (SMEs) with less than 250 employees, are increasingly becoming the target of cyber-attacks, with research showing that whereas 18% of cyberattacks were aimed at SMEs in 2011, it had risen to 43% in 2019*. The proportion of SMEs actually experiencing a cyber-security breach or attack is 31%, with 60% of medium sized and 61% of large firms being targeted according to another survey**.

WHAT IS ISO 27001?

The pioneer international management systems standard for information security (ISMS) was last updated in 2013 to align with the High Level Structure (HLS) common to most international management systems. ISO 27001 is a specification that enables certification, and heads a growing family of related standards that combine to offer comprehensive guidance and support for organisations that want to systematically understand their vulnerabilities, identify the risks to the security of that information in order to ensure its availability, integrity and confidentiality for their customers, shareholders, regulatory authorities and other stakeholders.

WHY IMPLEMENT ISO 27001?

Base risk management decisions on strategic business objectives and provide a defined level of assurance
Focus on critical information in any form: digital, paper, video, voice
Enhance information security metrics and reporting to justify ongoing and increasing investment in effective controls
Take a comprehensive risk based view on implementing controls

KEY BENEFITS

Enhance your company image with stakeholders and differentiate yourself from the competition
Reduce the burden of contractually required customer audits by proving compliance to internationally recognized criteria
Address information security with potential clients proactively and shorten your sales cycle
Demonstrate return on investment for information security with reduced liability

HOW DO I CERTIFY?

Key steps in our certification process are:

Definition of certification scope
Pre-audit (optional): gap analysis and diagnosis of your current position against standard
Certification audit performed in 2 stages:
Stage 1 - Readiness review performed to verify that the organisation is ready for certification
Stage 2 - Evaluation of implementation, including the effectiveness of the management system of the organisation
A certificate valid for 3 years is issued upon satisfactory results of stage 2 audit
Surveillance audits to verify that the management system continues to fulfil the requirements of the standard and monitor the continual improvement
Re-certification after 3 years to confirm the continued conformance and effectiveness of the management system as a whole

WHY CHOOSE BUREAU VERITAS?

NETWORK
With 148,000+ active ISO certificates and +7,400 skilled auditors, Bureau Veritas is present in 140 countries with local specialists in 80 countries.

AUDITORS
Our auditors have extensive knowledge of specific industry sectors, local regulations, markets and language
that enables them to provide solutions adapted to your needs.

RECOGNITION
Bureau Veritas Certification is recognized by more than 70 national and international accreditation bodies across the world.

MARK OF GLOBAL RECOGNITION
The Bureau Veritas Certification mark is a globally recognized symbol of your organisation's ongoing commitment to excellence, sustainability and reliability.

GET IN TOUCH WITH A MEMBER OF THE TEAM BY SUBMITTING YOUR DETAILS BELOW:

Your Name

Company Name

Job Title

Your Telephone Number

Your Email

Message

Your personal data is collected by Bureau Veritas UK, having its registered office at Suite 206, Fort Dunlop, Fort Parkway, Birmingham B24 9FD, and is subject to computer processing in order to respond to questions from the media about the Group or its subsidiaries on the basis of your consent, and to respond to customer complaints, on the basis of the service contract that you have entered into with a subsidiary of Bureau Veritas. Your personal data is intended for the Corporate Communication department or the Quality, Health & Safety and Environment department of the Bureau Veritas Group, depending on the nature of your request, and for their service providers, providing consulting and technical services as well as for the Bureau Veritas IT department. Your personal data will be retained for a period of one year for media requests and three years for customer complaints from your request. Your personal data can be transferred outside the European Union, in countries where Bureau Veritas subsidiaries operate, on the basis of standard contractual clauses established by the European Commission, available on request, by submitting a query to: https://personaldataprotection.bureauveritas.com. Fields marked with an asterisk must be filled in. Otherwise, Bureau Veritas would not be able to answer your questions and/or complaints. In accordance with the Data Protection Act 2018 and the General Data Protection Regulation of 27 April 2016, you have the right to access, rectify and erase any personal data concerning you, as well as the right to limit the processing, the right to oppose to the processing or the right to portability of your personal data. You have the right to withdraw your consent at any time by submitting a query to https://personaldataprotection.bureauveritas.com and unchecking the box dedicated to the collection of your consent. You can exercise your rights online to lodge a complaint to the Information Commissioner’s Office.

I have read and understood the terms and conditions of Personal data protection policy