Management of Information Security on the rise

23 Mar, 2013

ISO 27001, Information Security, Management standard, ISO 27001 certification

With the recent headlines identifying areas of major security breaches, SME businesses are now turning to the ISO 27001 information security management system to help protect their businesses against cyber threats and ensure there are no vulnerabilities in their existing systems.

More and more companies are now realising that possession of a security policy by itself does not prevent breaches; staff need to understand it and put it into practice. Only 26% of respondents with a security policy believe their staff have a very good understanding of it; 21% think the level of understanding is poor.

The Economist 2002, explained that: “The human side of computer security is easily exploited and constantly overlooked. Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain;  the weakest link is people” .

According to one survey conducted by Infosec (2012) 70% of large organisations detected significant attempts to break into their networks in the past year. The average cost of the worst security breach for large organisations was between £110,000 and £250,000 whereas for small business the cost ranged from £15,000 to £30,000. The root cause, the survey report said, was often the failure to invest in educating staff about security risks, with 75% of organisations where the security policy was poorly understood experiencing staff-related breaches.

It’s important to remember that threats to information security do not come through IT alone. Unhappy staff, resentful ex-employees, deceitful managers and competitors can all have access to your confidential information and can use this to the detriment of the business and its reputation. This can be purposeful or accidental. Information is not confined to electronic format but encompasses all forms of communication including verbal and hard copy.ISO 27001 Certification
By implementing a robust information security system like the ISO 27001, ensures that adequate training and records are in place for all staff so that they know what is expected of them. This can prevent most accidental breaches of security and ensure that the company is reviewing their policies on a regular basis to keep up to date with the advancements in technology.


ISO Quality Services Ltd are proud to specialise in the implementation and certification of the Internationally recognised ISO and BS EN Management Standards.

Do you want to get ahead of your competition? Win more tenders or save time and money on reoccurring issues? Contact us today on 0330 058 5551 or email info@isoqsltd.com.

Alternatively, you can request a quote by filling out our enquiry form and a member of our team will be in touch shortly.

Related Posts

Why Technology Could be Your Greatest Strength and Biggest Risk

17 Oct, 2023

In this guest article with Duncan Sutcliffe from Sutcliffe & Co Insurance Brokers, we look at why brokers are talking about cyber and data insurance, and the growth in demand for cyber security and information security standards like ISO 27001.

ISO QSL Bingo Box Challenge Is Back!

2 Oct, 2023

We are thrilled to announce the return of our Bingo Box challenge for the 6th time! Foodbanks, the lifelines for countless families, are grappling with unprecedented demand, leaving their shelves empty and their resources stretched thin.

Reduce, Reuse, Recycle

ISO 14001 Is Just About Recycling… Isn’t It?

19 Sep, 2023

The days of checking bins have gone! Find out how ISO 14001 has changed with the times.

Puzzle piece being put in place in to the center of a circle.

10 Benefits of Implementing Multiple ISO Standards

30 Aug, 2023

In the dynamic landscape of modern business, organisations are constantly seeking ways to enhance operational efficiency, quality, and management practices. A powerful strategy that has gained traction is the implementation of multiple ISO standards.