

As a responsible manager working in the innovative plastics sector, you take precautions against theft of physical assets, you make sure stock is controlled, and you check your bank statements regularly. But have you thought about those other assets, the information stored in your IT systems, your patents and prototypes, your customer databases, your supplier contracts, your manufacturing processes? How easy would it be for a predator to corrupt, copy or destroy them?
Minimizing the threat: ISO 27001 is a management system which identifies, manages and minimises a range of threats to business information. It provides guidelines for implementing a constructive risk management process, setting up policies, and ensuring a secure infrastructure is in place. Working on the same principle as the ISO standards, it follows the successful Plan-Do-Check-Act model. Existing systems are incorporated.
Identify what needs to be protected: implementing ISO 27001 requires the business to objectively assess risks, identify areas of loss, and set up preventative action plans. A typical Action Plan would cover:
1. Security policy
2. Organisation of assets and resources
3. Asset classification and control
4. Personnel security
5. Physical and environmental security
6. Communications and operations management
7. Access control
8. Systems development and maintenance
9. Business continuity management
10. Compliance
Reassure your customers: Plastics businesses which hold the ISO 27001 Standard are demonstrating to customers and suppliers that they have taken all reasonable measures to minimise risks and prevent unauthorised use of both company and customers’ data. You avoid the negative publicity of having valuable confidential information left on a train, found on a discarded computer, or printed off and left for a competitor to find.
Helping your business succeed: Awareness of the value of information, and systems in place to protect it from unauthorized use, support the management team in reducing the likelihood of delays and down-time, as well as protecting the business’s intellectual property. Staff members are aware of their individual responsibilities, and the company has a framework for legal compliance. Existing systems are incorporated, and participation, consultation, and investigation processes are included. Continuous improvement is a built-in function.
Integration with other standards: When a business already has ISO 9001 in place, achieving ISO 27001 becomes much simpler. With an estimated million ISO 9001 certificates now issued in 170 countries, the ISO 9001 standards have been written to enable the company to relate them to other management systems relevant to the plastics sector.
This content has been kindly provided by Business Support Network Member IMSM