ISO 27001

Information is essential for the proper functioning of an organisation, and its efficient and, above all, secure processing is an important topic today. Information must be protected adequately, especially against unauthorised access, leakage, destruction or loss. An Information Security Management System (ISMS) exists for this purpose: it helps to manage information throughout its life cycle.


What is ISO 27001, ISMS?


ISO/IEC 27001 is an internationally applicable standard, or framework, for information security management systems (ISMS). It is based on the three basic principles of confidentiality, availability and integrity. In particular, the ISMS defines the requirements for information security trust management for employees, processes, IT systems and company strategy. The adoption of an ISMS should be one of the fundamental strategic decisions of an organisation.


Why do you need an ISMS?


ISO 27001 certification is an essential pillar for protecting your assets. Holding an ISMS certificate according to the standard assures your customers that you have secured not only your own data but also client data, and that you proactively manage and handle confidential data. By implementing an ISMS, an organization can identify potential risks and threats from information leakage and loss, and thereby minimize them.


BDO's approach


We offer our clients a complete process for implementing an information security management system in their organization, including preparation for a certification audit. Implement an ISMS in your organization with BDO in the following 5 steps.


  1. First, we will conduct an initial information review, in which we will review the necessary ISMS documentation and help you modify or improve it if necessary.

  2. We will define the scope of the ISMS including the stated responsibilities for the information security management system and help you modify or create security policies.

  3. We will review your asset inventory and asset management system. If your organization does not manage assets, we will suggest an appropriate methodology and help with implementation.

  4. We will provide consulting services and support in risk identification. We will help you design or implement an appropriate methodology for their assessment and management within the ISMS.

  5. We will help your organization prepare for a certification audit to obtain ISO/IEC 27001 certification.