
ISO 27001:2005 Certification/Registration

Our proven route to certification is standard & the same as for 9001:

Initial visit/Gap Analysis – Document System – Support/Train/Provide all Documentation – Internally Audit – Correct Audit Findings – Support during Independent UKAS Assessment – Fixed Cost Guaranteed UKAS Certification

ISO 27001 requirements:

Our systems help you manage & protect both your own & your customers’ data.

In an age of ever-increasing security awareness & media exposure of careless information handling, the protection of data is critical. Sectors such as finance, health, public and IT have become particularly sensitive. Hence, certification to the standard is increasingly winning both confidence & new contracts.

- Security Policy

Top Management must define a policy that is appropriate to control its Information Assets & evaluated risks.

- Statement of Applicability

The company must fully review the requirements of the 27001 standard. It should then complete a “Statement of Applicability” identifying the controls necessary to address each clause as applicable.

- Risk Evaluation

The company must define a risk assessment methodology for Information Security (IS) risks.

Identify criteria for accepting risks and identify the acceptable levels of risk.

Develop a Risk Treatment Plan to bring all identified risks to an acceptable level.

  • Identify all assets of the company relating to information security and compile an Asset Register.
  • Identify combinations of threats and vulnerabilities relating to the asset (an IS Aspect), and then identify the impacts that losses of confidentiality, integrity and availability may have on the asset using an Asset Risk Assessment Report.
  • The impacts take into account the business, legal or contractual obligations that the company has.
  • The impact of the losses is given a monetary value using the guidance on the asset Risk Assessment Sheet.
  • The assessment then looks at the likelihood of the security failure occurring by a combination of the frequency of the threat and the likelihood of success.
  • A combination of the impact and likelihood of the security failure provides a level of the risk, normally in three categories:
      • Low Risk: No immediate action required, although there may be improvements in processes/technology that reduce the impact of the security failure further.
      • High Risk: Must be included in the Risk Treatment Plan for positive actions to reduce the risk.
      • Medium Risk: Must be included in the management review of the IMS, with actions identified if required and inclusion in the Risk Treatment Plan.

The Asset Risk Assessments are included in the IS Management Review. The meeting identifies a risk treatment plan for High and selected Medium Risks, identifying timescales, actions and responsibilities to complete.
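The risk evaluation steps above can be sketched as a small risk register. This is an added example, not QM.UK's own tooling: the thresholds, the choice of the worst of the three losses as the impact figure, the sample register and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds on annual exposure in GBP; the page gives no figures.
MEDIUM_FROM, HIGH_FROM = 1_000, 10_000

@dataclass
class ISAspect:
    asset: str              # entry in the Asset Register
    threat: str
    vulnerability: str
    impact: dict            # monetary impact of losing "C", "I" and "A"
    threat_per_year: float  # frequency of the threat
    p_success: float        # likelihood that the threat succeeds, 0..1

    def likelihood(self) -> float:
        return self.threat_per_year * self.p_success

    def exposure(self) -> float:
        # Assumption: take the worst of the three losses, weighted by likelihood.
        return max(self.impact.values()) * self.likelihood()

    def level(self) -> str:
        e = self.exposure()
        return "High" if e >= HIGH_FROM else "Medium" if e >= MEDIUM_FROM else "Low"

def management_review(aspects, selected_medium=()):
    """Route each assessed aspect: treatment plan, review only, or no action."""
    out = {"treatment_plan": [], "review": [], "no_action": []}
    for a in sorted(aspects, key=ISAspect.exposure, reverse=True):
        lvl = a.level()
        if lvl == "High" or (lvl == "Medium" and a.asset in selected_medium):
            out["treatment_plan"].append(a.asset)
        elif lvl == "Medium":
            out["review"].append(a.asset)
        else:
            out["no_action"].append(a.asset)
    return out

# Constructed sample register (not from the page).
REGISTER = [
    ISAspect("Office file server", "Power failure", "No UPS",
             {"C": 0, "I": 500, "A": 4_000}, 2, 0.1),
    ISAspect("Customer database", "Unauthorised access", "Shared admin password",
             {"C": 200_000, "I": 50_000, "A": 20_000}, 4, 0.05),
    ISAspect("Staff laptops", "Theft", "Unencrypted disk",
             {"C": 30_000, "I": 0, "A": 2_000}, 0.5, 0.2),
]
```

Calling `management_review(REGISTER, selected_medium={"Staff laptops"})` models the meeting choosing to treat a Medium risk alongside the High ones.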




QMuk Update




QM.UK
Systems + Simplicity


27th January 2012

First of 2012: following a successful programme & concluding an assessment by a UKAS Approved Certification Body, ATLAS were recommended for ISO 9001 (Quality) UKAS Registration.

Atlas provide Maritime Security & Training Services. Visit their website at www.atlasinc.co.uk

Environmental impact continues to be an important issue across the globe. With awareness ever growing, Commercial, Consumer & Social pressures are also building up on businesses. As a result, the advantage of being able to demonstrate a commitment to minimising the impact of your activities on the environment through ISO 14001 Registration is rapidly escalating.

Currently there are up to 50% Grants available throughout SW England.

Any office-orientated company embarking on a 9001 registration programme with us will receive our 14001 consultation (resulting in simultaneous registration) free of charge. (For all other organizations the add-on fees are capped at 50%.)

With genuine commitment, UKAS ISO 14001 Registration can be achieved in 30 days.

We are now actively gaining ISO 27001 Certification for our customers.

Information Security Management Systems


Consultants Required: ISO 9001, 14001, 27001 & OHSAS 18001

Please submit details to: vacancies@qmuk.co.uk

Call for free! 0800 032 9001


QM.UK use UKAS Accredited Certification Bodies only. Companies who do not deploy UKAS Accredited Bodies, or who offer Certification within weeks, normally certify their own systems. This can be considered as credible as a driving instructor issuing his own driving licences (government warning).


Contact details



Freephone 0800 032 9001

e-mail: enquiries@qmuk.co.uk

London, Poole, Bath, Birmingham, Cardiff, Liverpool, Glasgow - England, Scotland & Wales. Full National Coverage.

International Enquiries:
00 44 1202 739631
Successfully operating in Dubai, Germany & France.





Registered Office:




1 Gleneagles Avenue
Poole
BH14 9LJ