Governance, Risk Management and Compliance
|
Information Security
|
ISO 27001
|
ISO 27001
FAQ
FAQ

How does ISO 27001 work?

ISO 27001 advocates the use of an Information Security Management System (an ISMS for short), which is made up of a standardised set of policies, processes and procedures to enable you to identify what information needs to be protected, what types of protection you require and what mitigating actions can be taken to address any identified risks.  In effect, your ISMS outlines the approach you take to managing your information security.

Thank you that was great! We've already started work on review the controls - hadn't picked up on the change to risk management approach that this will drive so thank you for highlighting that!
Contact the ISO 27001 Experts Today
Book FREE Consultation
URM is pleased to provide a FREE consultation on Transitioning to ISO 27001:2022 for any UK-based organisation.
Find out more
related BLog
Governance, Risk Management and Compliance
|
Information Security
|
ISO 27001

Information Risk Assessment and Treatment in ISO 27001

Published on
5 Jun
2025

URM’s blog explains how to conduct information security risk assessments and implement risk treatments that are both efficient and ISO 27001 conformant.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
29/5/2025
Implementing Technological Controls in ISO 27001

URM’s blog offers key guidance on how to effectively implement technological controls in your organisation, the common challenges & how these can be overcome.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
23/5/2025
ISO 27001:2022 - A.5 Organisational Controls (Legal, Regulatory and Contractual)

URM’s blog explains the legal, regulatory & contractual controls in ISO 27001 & how they can be implemented in full conformance with the Standard.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
19/5/2025
ISO 27001:2022 - A.5 Organisational Controls (Information Security Management)

URM explains the 8 information security management controls included within the ‘Organisational controls’ theme and how to prepare for an audit of each control

Read more
"
URM has played a vital role in helping us and our clients achieve Cyber Essentials, Cyber Essentials Plus, and ISO 27001 certifications. URM's expertise and dedication have been key to the success of this process, and their assistance has enabled us to enhance our cybersecurity posture significantly and provide our clients with the highest level of protection against cyber threats.
Skye Cloud
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.