ISO 27001 Information Security Management System

ISO 27001

The new ISO 27001:2013 (released in September 2013) allows you to demonstrate to existing and potential customers, suppliers and shareholders the integrity of your data and systems and your commitment to information security. It also allows you to enforce information security and reduce the possible risk of fraud, information loss and disclosure.

The standard is based on 7 major requirements:

  • Clause 4: Context of the Organization
  • Clause 5: Leadership
  • Clause 6: Planning
  • Clause 7: Support
  • Clause 8: Operation
  • Clause 9: Performance Evaluation
  • Clause 10: Improvement

The new revision incorporates improvements to the security controls to deal with current threats, namely identity theft, risks related to mobile devices and other online vulnerabilities. It also allows easier integration with other management systems. (source:

Benefits of ISO 27001

  1. Improve the management of information security risks
  2. Enhance the protection of data critical to your business
  3. Increase confidence in your information and data management
  4. Minimise cost, time and effort related to data recovery and maintenance
  5. Recognition for attaining an international level of information security

How Can Nexus TAC Help?

Nexus TAC, a Malaysia ISO consultant, provides management system training and consultancy services. We offer specialized expertise and extensive practical experience to assist clients in developing management systems, from the initial concept through establishment to successful implementation.

We use the following consultation approach to assist you in achieving certification:

  1. Identify areas requiring improvement or development within your current Management System
  2. Prepare a strategic action plan, in conjunction with your company personnel, to address those improvement areas and assist with the communication of these requirements to key personnel at all levels
  3. Provide system-related training for your company personnel to create awareness and give them the knowledge and skills needed to implement the systems
  4. Provide assistance and advice on the development and implementation of systems, including preparation of documentation
  5. Advise and assist, if required, with the preparation and submission of applications to your certification body
  6. Assist with the development of internal auditing procedures and training
  7. Conduct an internal audit to ensure the effective implementation of the management system prior to the final audit by your certification body
  8. Conduct a Management Review Meeting to review the performance of the management system and identify areas for improvement prior to the final audit by your certification body

Our customised in-house training services include:

  1. ISO/IEC 27001 Information Security Management System Awareness
  2. Understanding, Documenting and Implementing ISO 27001
  3. Internal Audit of ISO 27001 Quality Management System