ISO 27001, and the accompanying supporting standards in the series, allow you to establish a framework around which you can properly manage information security in your company and, if required, receive external accreditation to a formal and internationally recognised standard.

Customer specifications and Invitations-To-Tender, especially for suppliers to local and central government and their agencies, are beginning to require adherence to, if not actual certification against, security standards. Data Protection authorities, the Financial Services Authority (for regulated organisations) and other regulators, especially with the recent rash of breaches in the security of sensitive customer data, are looking for evidence, rather than mere assertion, that appropriate security standards have been identified and are being met.

Working towards and applying ISO 27001 provides business management with the assurance that Information Security is being competently managed within their organisation in terms of business risk, value chain protection, and legal and regulatory compliance. Security controls are properly specified and correctly implemented - whether technical, personnel or procedural - and their effectiveness is appropriately monitored.

Certified companies or divisions can show to current and prospective customers that they can be trusted to manage security appropriately, respond quickly to issues or incidents, and have audit records to prove this to regulators.