ISO 27001

Information Security Management

What is ISO 27001?

ISO 27001 is an internationally recognized Information Security Management Standard which enables an organisation to keep its sensitive information secure. It is a formal set of guidelines and specifications for organizations to use in developing their information security framework. It covers information of all kinds including IT, paper records and even information people keep in their heads, and enables an organisation to demonstrate its commitment to protecting information assets.

ISO 27001 is generally misunderstood as a standard solely for Information Technology companies offering protection against cyber-attacks. In fact it is a standard for all assets belonging to an organisation including its people. ISO 27001 mandates a particular set of controls that need to be in place for your ISMS and is a practical demonstration of your commitment to information security, integrity, control and confidentiality. It will give confidence to your customers, stakeholders, employees and other interested parties that their data is secure with you.

The most recent revision of ISO 27001 was published in 2022. Organisations that are already certified to ISO 27001:2013 can continue to operate under their existing certification until October 31, 2025, but you must transition to ISO 27001:2022 by this date. At MQF we are advising many businesses on the process of transition.

Benefits of an ISO 27001 Certification

  • Provides you with a framework of operational processes for full information security
  • Manage business continuity risks and maintain legal compliance
  • Improve customer satisfaction
  • Give all your stakeholders confidence that your information is secure
  • Improve your business credentials by differentiating you from competitors
  • Ensure maintenance and protection of customer records, financial information and intellectual property
  • Increased organizational efficiency

Certification Process - We have a 100% success rate!

With MQF the certification process is not just about ticking the right boxes to get the certificate. The most important outcome is that you benefit as a business. We have in-depth experience in ISO 27001 systems across a range of business sectors, from software companies to charities.

MQF advise clients throughout the whole process. The time it takes to get certification will depend on the size and complexity of your organisation, but we will set a timetable from the outset. Having installed numerous ISO systems across a wide range of business sectors since 1991, we know how to manage the process to get you to certification within the right timescales for you.

We will design, document, and implement an Information Security Management System that meets all the requirements of ISO 27001, but more importantly enhances your business and works for you as a business tool.

Wherever possible we use or adapt existing systems to cause you minimum disruption, and where you do not currently conform to ISO 27001, we will work with you to find practical solutions.

As an integral part of our service we will help you choose the right UKAS accredited Certification Body for your business and will guide you through the whole certification process. Our work is not complete until you gain certification.


Ongoing Support

As experienced ISO 27001 consultants, MQF provide continuing consultancy support and an internal audit service for many of our clients to maintain and improve existing systems.

Our Fees

We price each job individually taking into account the size of the organisation and the complexity of the work undertaken. We operate a fixed fee policy so that you know exactly what you are paying, with no hidden costs.