Graham Hill Consulting is now ISO 27001:2022 Compliant!
“The ISO27001 Compliance Project has validated Graham Hill Consulting’s unwavering dedication to ensuring the highest standards of security and confidentiality for our clients' sensitive information. Adherence to this internationally recognised information security standard underlines our commitment to stringent security practices, risk management protocols, and continuous improvement strategies in safeguarding data.” - Graham Hill, CEO Graham Hill Consulting
With the ISO27001 framework in place, Graham Hill Consulting aims to:
Enhance Client Trust: Providing assurance to clients that their sensitive data is handled and protected according to the highest international standards.
Continuous Improvement: Implementing a systematic approach to continually assess and improve information security measures, ensuring adaptability to evolving threats.
Compliance and Risk Management: Strengthening the company's risk management framework while staying compliant with regulatory requirements.
ISO27001, is an internationally recognized standard, that serves as a blueprint for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). It provides a systematic approach to managing sensitive company information, encompassing; our employees, contractors, customers, suppliers, processes, and technology, thereby ensuring the confidentiality, integrity, and availability of data.
Compliance to ISO27001 requires a similar management system framework to ISO9001 or any of the other management system standards such as ISO14001/45001 etc. Graham Hill Consulting has documented information supporting the implementation of Context, Leadership, Risk, Objectives, Document Control, Training, Internal Audit, KPIs, Management Review and Corrective Action processes. We have also documented policies and processes for key information security risks as required by ISO27001 - Annex A. There are a total of 93 controls that are categorized into 4 sections in the Annex:
A5: Organizational controls (37 controls). Examples include: policies for information security, roles, responsibilities, classification of information, labelling of information, access control, access rights, and threat intelligence.
A6: People controls (8 controls). Examples include: screening, terms of employment, information security awareness, and remote working.
A7: Physical controls (14 controls). Examples include: clear desk / clear screen, equipment maintenance, and storage media.
A8: Technology controls (34 controls). Examples include: user end point devices, privileged access rights, and protection against malware.
An excerpt of our Statement of Applicability document con be reviewed by following the link below. For more information on our policies and justification of exclusions, please contact our Information Security Officer: Graham Hill, CEO Email
Our Information Security Policy: