ISO 27001 Implementation

ISO 27001 – Information Security Management System

Most people believe information security is about firewalls and anti-virus software. The truth is that these technical controls are only a small part of an effective Information Security Management System or ISMS.

Email to discuss ISO 27001 implementation.

At Orbit we believe that information security problems usually arise because of human behaviour – therefore technology alone cannot be a solution.

Information Security is about implementing a set of procedural and technical safeguards, which will include organizational changes, physical security, compliance with applicable legislation, HR policies and of course IT, with the aim of protecting your most valuable assets – your information, i.e. your know-how, your intellectual property.

Just look at the latest findings:

This infographic is an extract from the BIS / PwC InfoSecurity Europe report, published to highlight the growing frequency and severity of InfoSec breaches in 2014. Although the number of UK data breaches and victims has gone down in the past year, the cost of the most serious incidents has risen significantly.


    • 60% of SMBs had a security breach (down from 64% in 2013)
    • £65k – £115k is the average cost to an SMB for data breaches, roughly double the costs for 2013.
    • 33% of SMBs suffered an attack from an unauthorised outsider.
    • 45% of SMBs suffered infection by malicious software.
    • Staff-related breaches had almost halved over the period but still accounted for the worst breaches.
    • Encouragingly, security budgets are increasing and so is security awareness training.
    • But bear in mind, about 70% of breaches never reach the public domain!



We are professionally trained, fully qualified and, most importantly, experienced at ISO 27001 implementation. Typically we follow a simple step-by-step process that ends with a functioning system, ready for certification.

  1. Exploratory meeting to discuss reason/need and level of commitment
  2. Agree the Scope (or boundaries) of the planned system and its goals
  3. Perform a Gap Analysis: review current practice and risks / opportunities
  4. Prepare the risk register, statement of applicability and develop the policies and procedural documentation.
  5. Drive implementation actions and support the effective communication to all staff.
  6. Ensure that the system (and your company) are ready for auditing by an external certification body.

Call us on 0330 660 0890 or email for an informal discussion about ISO 27001 implementation.