
ISO 27001 is the standard that defines an information security management system (ISMS): the procedures and controls that ensure an organisation considers security in relation to every aspect of its operations, and correctly monitors the effectiveness of its security procedures. It is designed as a foundation for maintaining effective security and should be used to drive continuous improvement in security management.
The standard is not overly prescriptive, because it needs to be flexible enough to be used by a huge variety of organisations. This flexibility makes it vital that an organisation seeking compliance has a clear understanding of exactly how the standard applies to its own operations. So the first step towards compliance is to establish the scope of the certification process. Context can help organisations through this initial phase, before assisting with the next stage: the gap analysis, which defines exactly what a client needs to do to achieve compliance.