Information Security Management Systems

Protect information and data, manage threats and gain customer confidence.

What is an information security management?

Information is the lifeblood of all organisations and it can exist in many forms: print, electronic, e-mail, video, film or the spoken word. In today’s competitive environment, such information is constantly under threat from many sources. With the advent of PCs, e-mails and the internet, organisations are exposed to new areas of risk; viruses, worms and Trojan horses have all been given completely new meanings. However, information security management may also need to address the more old-fashioned risks arising as a result of human error, staff security and even industrial espionage.

The way in which you gather, manage and use information can mean the difference between success and failure. Get it right and you’ll thrive. Get it wrong and the risks and penalties can organisationally fatal.

What is an information security management system?

ISO 27001 is a framework which allows organisations to identify and value information assets, assess threats and the associated vulnerability of the assets, identify existing controls, assess associated risk and develop controls, where required, or accept the risk.

Essentially, information security management is about ensuring the integrity, availability and confidentiality of your data.


A process which can be undertaken in isolation or in accordance with codes of practice and standards such as ISO 27001 which asks a company to.

  • Identify and value all assets
  • Assess threats and vulnerability
  • Identify existing and planned controls
  • Assess risk and develop new controls where required
  • Develop and promote an information security policy
  • Check and review

What are the benefits of an information security management system?

A robust, properly implemented and well-maintained information security management system will:

  • Provide customers and stakeholders with the confidence that you manage information security risk
  • Keep confidential information secure
  • Allow for secure exchange of information
  • Ensure you are meeting your legal obligations
  • Provide you with a competitive advantage
  • Build an information security culture
  • Protect the company, assets, shareholders and directors


Our Clients Love Us


The Easy Choice

“From the initial interview stage, through to a final selection process, it became an easy choice with Statius management being appointed as consultants for SERAPID ISO certification. Clint was integral to us achieving certification and made the whole process relaxed with a very professional approach!”

Simply ISO9001

“Statius took time to understand us, then they made ISO9001 very simple whereas other consultants had made it impossibly complicated”

Mindset management

“This (assignment) has confirmed some things I knew, and that was useful; some things I didn’t and that too was useful. However, most importantly, I guess we all felt a bit uncomfortable at times but now we have a real and robust improvement plan to go forward with.”

Mindset management

“The (performance improvement) work you have undertaken has providing a real opportunity for us to break out of our mindset… I’m just afraid it will stop!”

Streamline and simplify

“I have to say from a personal viewpoint, since you came on board you have helped streamline and simplify our systems brilliantly, and continue to do so, which makes my job much more straight forward, and I thank you very much for all your efforts...”

Securing new business

“Without the help of Statius and the systems and processes developed we would not have secured £27m of framework agreements and term contracts.”

Changing thinking

“Statius challenged and changed our thinking, without them we would never have changed the business model and we’d be far less prepared for sale.”

Integrated management

“Statius’s hands on approach and genuine interest in the development of the Integrated Management System meant that we successfully achieved ISO 14001 certification (at the first attempt) and we shall rely on their future support as we develop our systems.”