top of page


What is information security?

Information or data exists in many forms, and is no longer limited to paper-based records in filing cabinets. In our increasingly digital world, vast amounts of data are gathered, processed, stored and transmitted all across the globe every second of every day. In both physical and electronic form, data is subject to an increasing range of threats and vulnerabilities, all of which can affect its Confidentiality, Integrity or Availability. The proactive management of risks to information assets (and supporting assets upon which they depend - such as premises, hardware, software, cloud services etc) is one of the key reasons for implementing an Information Security Management System.

We've helped more than thirty organisations to design and implement an effective Information Security Management System, and proceed to successful ISO 27001 certification following assessment by an independent audit body. Our range of services include:

  • Establishing a framework for your Information Security Management System (ISMS)

  • Creating and implementing appropriate security policies and procedures

  • Establishing an effective risk management (assessment and treatment) approach

  • Risk assessments for your organisation's information (data) and supporting assets

  • Security training for your employees and contractors

  • Managing security within your organisation's supply chain

  • Plans for identifying, reporting and addressing security incidents

  • Planning and conducting internal audits

  • Preparation and support for external certification assessments

We've prepared a helpful guide "What is ISO 27001?"


The typical journey to certification is summarised in our Eight Steps to ISO 27001 Certification.

To purchase your own copy of the current ISO 27001 standard, see our helpful guide.

Physical Security Assessments

  • Ensuring that your premises, assets, data and personnel are effectively protected

  • Validating that systems are functioning correctly, and evidence is being reviewed

  • Designing business continuity and disaster recovery plans for unexpected business interruptions

  • Training for personnel ... prevention is better than cure!

Managing Cyber Threats


  • Understanding your data and systems - and who has access to them

  • Implementing effective security controls to protect your organisation's IT assets

  • Ensuring protection against virus and malware, and other external threats e.g. hackers

  • Cloud-based infrastructure testing (including for Cyber Essentials Plus certification)

  • On-site experienced penetration testing teams

Training Services

Alongside our own customer-specific training offerings, Northdown Systems is an Official Partner of both LRQA and British Assessment Bureau (BAB), and is able to offer Northdown Systems' customers preferential rates on BAB's range of information security training.

Contact us to find out more.

What do our clients say?
"VAKT benefitted from the detailed knowledge and support of the Northdown Systems’ consultant, in particular on our journey to
achieving ISO27017 certification, and subsequently support for VAKT’s SOC2 accreditation. Their efficient and pragmatic approach
to implementing policies, risk management, internal audits and security controls greatly assisted VAKT in achieving its certification
and attestation goals" (Nicholas Secrier, Information Security Officer, VAKT Global)


Information Security and ISO27001 Certification 

bottom of page