part of the phsc group
"QCS have, for several years, provided us with the support we needed to ensure our quality systems remain effective and in conformance with ISO9001. We look forward to continuing the working relationship."
Andrew Duncan Director of Vessels CMAL
We provide IRCA and CQI certified ISO 27001 training courses to help you achieve various levels of ISO 27001 certification. Our courses are led by highly trained and qualified experts who teach in an interactive and engaging manner, making your journey to recognition as easy and rewarding as possible.
Upcoming course dates and prices can be viewed on our dedicated course pages. As well as in house and public training courses, we also offer ISO 27001 consultancy services.
ISO 27001 is the internationally recognised standard for information security management systems (ISMS). It sets out the best practices that organisations should adhere to for identifying and protecting sensitive and classified information such as financial documents, employee information, client data, and more.
Your systems can be independently audited and your system certified, demonstrating that your information security arrangements are robust and effective.
Clients and customers often seek ISO 27001 certified suppliers and contractors for several reasons. Primarily, they are looking for assurance that their data will be handled securely, in accordance with the law, and only used for the purposes it is intended for.
Clients may also have ISO 27001 themselves and have chosen to filter down the supply chain an expectation that others work to a similar high standard. Having ISO 27001 is sometimes a prerequisite to be on a short list for tenders or proposals – without it you will not even get over the first hurdle.
"MCDowell Machine Tool Solutions was looking for support to develop and implement an effective management system to meet the requirements of ISO9001 and ISO14001. QCS International consultants were quick to establish what our specific requirements were and to introduce systems that were useful, relevant and that fitted in to our business. They have now become a part of our team to maintain and audit our management system."
"With QCS helping us we have really benefitted from having a quality management system. With QCS it is never a paper exercise – the systems have allowed us to grow, improve how we do things and see increased satisfaction amongst our customers. The support from someone looking in also means we get a fresh pair of eyes that highlights improvements and a new perspective. We hope the working relationship we have continues….."
ISO 27001 is suitable for businesses of any size, industry, or location. The standard stipulates several requirements that must be met. Most organisations will already be fulfilling some of these. For example, you must have in place mechanisms for maintaining the physical security of the equipment that stores data, record keeping on data destruction, and controls that allow you to process and analyse data securely and in accordance with your contractual obligations.
There are some requirements that organisations will find more awkward to achieve if they are unfamiliar with the international standard; QCS can help you with these and train your staff to be able to take your certification forward.
Gaining ISO 27001 certification is more than a badge. It requires you to self-examine and commit to improvement in your organisation’s processes. It also provides you with a framework for helping you understand the key risks you face and to develop strategies to manage them.
The first stage on the path to become ISO 27001 certified is to review your current arrangements against the clauses of the standard. This will highlight what gaps you have and what you might have to do to gain certification.
We can complete a gap analysis for you and can supply you with the training and support to deliver the identified actions.
Some of these gaps can take several months to fill as the certification body will want to see evidence that the systems you have are operating for some time. The types of things you might have to do include:
When ready, you invite a certification body to undertake a stage one and stage two audit of your organisation. Stage one reviews the design, structure and elements of the quality management system and stage two seeks evidence that it is working effectively. There can be up to several months between the stage one and two audits (but it can be a few weeks if everything has been set up successfully).
If all is satisfactory after stage two, you will be awarded certification. Certificates from UKAS accredited bodies are valid for three years.
Being awarded ISO 27001 certification is not the end of the process. ISO 27001 requires a commitment to continual improvement and maintenance of the effectiveness of your information security management system.
Your certification body will develop a programme of audits over three years. The frequency of these audits depends on the size of your organisation and what risks you face. Most small businesses have an annual visit. If there are no significant findings, you retain your certificate.
After three years a review is held and, if you have no major non-conformances, a new three-year certificate is awarded.
QCS only works with companies that are seeking a certificate awarded by a UKAS accredited body. The United Kingdom Accreditation Service (UKAS) is the only body based in this country that authorises organisations to award fully recognised certification to ISO 9001. Non-UKAS bodies exist but some organisations shall not recognise their certificates (be careful who you get your certificate from and for how long you are tied into a contract). If you are unsure what is best for you, then do get in touch.
Don’t forget to stay up to date with changes to the ISO 27001 standards.
