What is the IS Code?
TQCSI’s Information Security (IS) Code for information security management systems is a standard to which companies can develop a system and gain certification to demonstrate their compliance with fundamental information security requirements. Based on the international standard, ISO/IEC 27001, it embraces many of the international requirements but is not as prescriptive and much less bureaucratic. It is an ideal ‘stepping stone’ for companies who wish to work towards ISO/IEC 27001 certification and may satisfy pre-qualification requirements for larger clients.
Information security is predominantly, but not completely, IT related. Other information security-related processes also need to be considered, such as phones, HR information, access to the premises and physical security.
Benefits of an Information Security Management System
An Information Security Management System (ISMS) enhances overall security by providing a structured approach to identifying and mitigating risks to sensitive information. An ISMS helps ensure compliance with regulatory requirements and industry standards, reducing the likelihood of costly fines and penalties. It also improves operational efficiency by streamlining security processes and clarifying roles and responsibilities.
Organisations can gain a competitive advantage by demonstrating their commitment to data protection, which builds trust with customers and partners. The benefits of ISMS certification for your organisation include:
Why certify with TQCSI?
TQCSI is a leading certification body specialising in Information Security Management Systems (ISMS). With offices around the world, we provide affordable and reliable ISMS certification services delivered by local experts.
We have certified thousands of organisations, ranging from small businesses to large enterprises, across various industries. Our certification process is designed to be straightforward, efficient, and cost-effective, ensuring your business meets the highest standards of information security management.
Start your ISMS Code certification now
Whether you already have an Information Security Management System Code in place or not, we can help. Contact your local TQCSI office today to get started with ISMS Code certification.
How to prepare for ISMS Information Security Management System certification
When you apply for ISMS certification, our auditors will perform a thorough risk assessment to identify potential security threats and vulnerabilities in your organisation.
Below are some of the requirements you will need to meet to satisfy the ISMS Code.
Information Security System Requirements
An Information Security Management System (ISMS) requires organisations to:
- Understand their information security-related external and internal issues, and interested parties
- Have an Information Security Policy describing senior management’s commitment
- Assess potential information security-related risks
- Develop a Statement of Applicability based on controls listed in Annex A to the Code
- Monitor controls listed in the Statement of Applicability to ensure their effectiveness
- Develop and monitor information security objectives
- Ensure staff are competent and understand the information security management system
- Control any outsourced information security-related processes (e.g. IT services)
- Control information security nonconformances
- Take corrective action for significant or repetitive nonconformances
- Conduct internal audits of the information security management system
Documentation Requirements
Organisations must have all necessary documentation, including policies, procedures, risk assessments, and evidence of ISMS implementation. This will be crucial during the certification audit:
- Information Security Policy: typically a one-page document declaring a commitment to information security
- Statement of Applicability: register of risk assessment and controls
- Procedures: as many or as few as you need; ideally, they are brief instructions for employees to follow (e.g. backup process)
- Registers: for information security objectives and nonconformances
Implementing an Information Security Management System
Implementing an ISMS involves a structured approach to managing an organisation's sensitive information. The process typically begins with obtaining management support and defining the scope of the ISMS. Organisations often follow frameworks like ISO 27001 to guide their ISMS implementation, which may culminate in certification if desired.
ISMS Certification mark for Information Security Management Systems
TQCSI's Information Security Management System certification mark is recognised worldwide. Once certified, you can proudly display the certification mark to promote your IS Code certification.
Want to know more about ISMS Code Certification?
Certification of an Information Security Management System (ISMS) Code builds trust with clients and partners by demonstrating a commitment to robust security practices and compliance with international standards.
We are ready to answer any questions you have about ISMS Code certification for your business, so get in touch or email us at info@tqcsi.com.