What is information security?

Information or data exists in many forms, increasingly not limited to the paper-based records in filing cabinets and archives of every business and organisation. In our modern digital world, vast amounts of data are gathered, processed, stored and transmitted all across the globe every second of every day. In both physical and electronic form, data is subject to an increasing range of threats and vulnerabilities, all of which can affect its Confidentiality, Integrity or Availability. The proactive management of risks to information assets (and supporting assets upon which they depend - e.g. premises, hardware, software, cloud services etc) is one of the reasons for implementing an Information Security Management System.

We've helped more than 50 organisations to design and implement an effective Information Security Management System, and proceed to successful ISO27001 certification following assessment by an independent audit body. Our range of service includes:

  • Establishing a framework for your Information Security Management System (ISMS)

  • Creating and implementing appropriate security policies and procedures

  • Establishing an effective risk management (assessment and treatment) approach

  • Risk assessments for your organisation's information (data) and supporting assets

  • Security training for your employees and contractors

  • Managing security within your organisation's supply chain

  • Plans for identifying, reporting and addressing security incidents

  • Planning and conducting internal audits

  • Preparation and support for external certification assessments

We've prepared a helpful guide "What is ISO27001?"


The typical journey to certification is summarised in "Eight Steps to ISO27001 Certification"

Physical Security Assessments

  • Ensuring that your premises, assets, data and personnel are effectively protected

  • Validating that systems are functioning correctly, and evidence is being reviewed

  • Designing business continuity and disaster recovery plans for unexpected business interruptions

  • Training for personnel ... prevention is better than cure!

Managing Cyber Threats


  • Understanding your data and systems - and who has access to them

  • Implementing effective security controls to protect your organisation's IT assets

  • Ensuring protection against virus and malware, and other external threats e.g. hackers

  • Cloud-based infrastructure testing (including for Cyber Essentials Plus certification)

  • On-site experienced penetration testing teams

Training Services

Alongside our own customer-specific training offerings, Northdown Systems is an Official Partner of British Assessment Bureau (BAB), and is able to offer Northdown Systems' customers preferential rates on BAB's range of information security training.

Contact us to find out more.


Next Steps ...

To find out how Northdown Systems can help you with your information security activities, please get in touch for an initial conversation, in confidence and without obligation. We look forward to hearing from you.

Tel: 0203 474 1299

Email: info@northdownsystems.co.uk

Jump to Home, Quality Management, DocumentationAudit Services or Data Protection

Information Security and ISO27001 Certification and Training