Skip to content

ISO 27001 Information Security

This service is linked to the UN Sustainable Development Goals (SDGs).

ISO 27001 ● Information Security Management

The international standard ISO/IEC 27001:2013 specifies the requirements for the implementation and continuous improvement of an Information Security Management System, in organizations and companies of any size and business sector, who want to secure their data (financial, know-how, employee data, information exchanged with third parties).

The requirements

ISO/IEC 27001 with 114 checkpoints and system management requirements specifications, covers the following areas : information security policies, information security organisation (roles, responsibilities), staff awareness and training, IT infrastructure management (PCs, servers, etc.), physical and logical access, encryption policies, physical and environmental security, IT systems security, systems development and maintenance, communications security, vendor relations, security incident management, management

In order to comply with the principles of confidentiality, integrity and availability, companies are required to:

  • Develop and update Risk Assessment, Information Security Policies and Procedures, S.o.A - Statement of Applicability (S.o.A) and maintain relevant documentation records,
  • train and brief their staff,
  • adopt data protection technologies (e.g. hardware authentication, malware software, vulnerability assessment, penetration testing, etc.).

The benefits

ISO 27001 certification demonstrates the organization's commitment:

  • To protecting the interests of the organisation and its stakeholders
  • meeting regulatory and legislative requirements
  • responding promptly to information security incidents
  • implementing policies that ensure the integrity, confidentiality and availability of information

TÜV NORD Greece (TÜV NORD), with experienced and qualified inspectors, can lead you to a successful ISO 27001 certification and offer you a comprehensive package of services to increase the security level of your organization.

Certification to the above international standard demonstrates an organisation's commitment:

  • To protecting the interests of the organisation and its stakeholders,
  • meeting regulatory and legislative requirements,
  • responding promptly to information security incidents,
  • implementing policies that ensure the integrity, confidentiality and availability of information.

ISO 27001 can be part of an organisation's integrated management system, covering all requirements for quality (ISO 9001), business continuity (ISO 22301), organisational resilience (ISO 22316) and privacy (ISO 27701).