Organic Business Performance Improvement


This standard is not targeted at large corporations, institutions, or any specific type of business.  It is actually intended for organisations of any size and fundamentally is intended for the following types of organisation:

  • Any organisation that recognises the importance of information security
  • Organisations that need to demonstrate compliance with specific legislation or regulations


There are many reasons for any organisation committing to establishing, implementing and maintaining an information security management system.  Some of the common drivers include:

  • Customer demands
  • Identified market opportunity
  • Legal or regulatory requirements
  • An identified need to improve performance
  • Seeking to reduce commercial risk
  • Implementing information security as part of Business Continuity Management


A well documented and accredited Information Security Management System will give you several organisational benefits including:

  • An effective information security management system
  • Tangible mechanism for continual business improvement
  • A positive attitude towards risk management
  • An effective incident management system
  • Effective KPIs


Take the first step towards achieving the standard by answering six simple questions in the form below, or simply contact us for more information.

ISO 27001 Questions    
ISO 27001 Introduction    

Implementing ISO 27001:2013

ISO 27001 is the only auditable international standard which defines the requirements for an information security management system (ISMS). This standard covers all types of organisations and information formats, and is not simply an IT related ISO standard.  All information used by organisations of any size, is covered by the standard, this includes electronic and hard copy formats as well as information that is known by employees and suppliers.

The standard is designed to ensure the selection and implementation of adequate and proportionate information security controls .  ISO 27001 helps to protect information assets and give confidence to interested parties including an organisation’s customers. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and continually improving an organisation’s ISMS.  The standard preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are managed effectively and appropriately. These three core attributes are defined as follows:

  • Confidentiality – ensuring that information is accessible to only those authorised to have access
  • Integrity – safeguarding the accuracy and completeness of information and processing methods
  • Availability – ensuring that authorised users have access to information and associated outputs when required

The intent is that this standard should be integrated with other management systems such as quality (ISO 9000 series), environment (ISO 14001), health and safety (OHSAS 18001) and business continuity management (ISO 22301).

The standard itself is constructed around Schewart's original Plan, Do, Check, Act cycle of continuous improvement, often called Deming's cycle.  The 10 specific clauses are highlighted in the diagram below:

ISO 27001 ISMS PDCA Cycle

The development of an ISMS represents a proactive, systematic and logical approach to address the challenges of information security, rather than a piecemeal approach to security breaches.  Organisations are faced with increasing information security risks, be they internal or external, the standard enables effective risk management to counter these organisational threats.

Deciding to implement an ISMS is a significant challenge to the organisation, even if an accredited quality management system exists, it will involve a great deal of work throughout the organisation.  The ISMS cannot become the preserve of one person, as the system is pervasive and must be effectively operated throughout all defined activities within the organisation.  This standard requires total commitment and participation from the leadership of the organisation. The implementation process can be broken down into a six step process as illustrated below:

6 Steps to ISMS Implementation


NetGrowth can help you to develop and implement your ISMS in accordance with the requirements of the ISO/IEC 27001:2013 standard. For more information please contact


Copyright 2022 by NetGrowth Ltd