ISO 27001:2005
The value of an organization's information and several recent
high-profile information security breaches are highlighting the
ever-increasing need for organizations to protect their information. An
Information Security Management System (ISMS), like ISO/IEC
27001:2005, is a systematic approach to managing sensitive company
information so that it remains secure. It encompasses people, processes
and IT systems.
In this section you will find information on all of our ISO/IEC
27001:2005 products and services; they will help you understand,
implement and become registered to an Information Security Management
System.
ISO/IEC 27001:2005 is a standard setting out the requirements for an
Information Security Management System. It helps identify, manage and
minimize the range of threats to which information is regularly
subjected.
ISO/IEC 27001:2005 covers the following
topics:
- Security policy - This provides management
direction and support for information security
- Organization of assets and resources - To help
you manage information security within the organization
- Asset classification and control - To help you
identify your assets and appropriately protect them
- Personnel security - To reduce the risks of
human error, theft, fraud or misuse of facilities
- Physical and environmental security - To
prevent unauthorized access, damage and interference to business
premises and information
- Communications and operations management - To
ensure the correct and secure operation of information processing
facilities
- Access control - To control access to
information
- Systems development and maintenance - To ensure
that security is built into information systems
- Business continuity management - To counteract
interruptions to business activities and to protect critical business
processes from the effects of major failures or disasters
- Compliance - To avoid breaches of any criminal
and civil law, statutory, regulatory or contractual obligations, and
any security requirement
ISO/IEC 27001:2005 is the updated version of the world-renowned British
Standard for Information Security Management Systems, BS 7799-2:2002.
The main change to the standard is that it is now international. This
means that in addition to international recognition and acceptance of
the British Standard, organizations can develop and implement a global
framework for managing the security of their information.
This international version has also received several updates to clarify
and strengthen the requirements of the original British Standard, BS
7799-2:2002.
An organization using ISO/IEC 27001:2005 as the basis for its ISMS can
become registered, thus demonstrating to stakeholders that the ISMS
meets the requirements of the standard.
Services include: