ISO 27001

Christos Makedonas

What is ISO 27001?

To give it its full title, ISO/IEC 27001:2013 is a globally recognised information security standard. It provides a flexible framework that you can apply to your business in order to build an Information Security Management System, or ISMS.

ISO 27001 is primarily a risk management tool. Information security risk assessment and treatment are core to the standard, and the controls you will implement in your organisation – policies, procedures, asset and risk registers – will enable you to mitigate the information security risks you identify.

What do I need to achieve ISO 27001 compliance?

Commitment of senior management is the core requirement for ISO 27001. Aside from approving the time and budget required for the mechanics of implementing the ISMS, senior management must ensure – by providing resources and prioritising staff time appropriately – that the controls produced by the implementation process are embedded in the normal operation of the organisation. You will then need to define the scope of your ISMS, carry out the necessary risk assessments, and construct and implement the set of controls that will allow you to operate effectively and securely. The members of staff within the scope of the ISMS will also need to spend time reading and understanding the various documents that make up the ISMS, and to use them on a day-to-day basis. Finally, you must implement a regime of continual improvement: information security risks do not stand still, so an ongoing regime of reassessment and improvement is vital to remaining compliant.

How we can help you

Grant Thornton Cyprus ISO 27001 specialists will:

  • arrange and oversee the formal external audit process
  • define and implement a regime of continual improvement.