ISO/IEC 27001:2013 Certification for information security management
What is the ISO 27001 certification?
ISO 27001 identifies best practices as to how organisations should manage information in a secure manner, including implementing appropriate security controls to mitigate risks.
The basis of this certification is the development and implementation of a rigorous security program.
It must include the development and implementation of an Information Security Management System (ISMS) that defines how Griffiths & Armour manages security in a holistic, comprehensive manner, including how it implements security controls to mitigate risks. This is the Gold International Standard for Information Security and demonstrates that IT systems and internal controls are maintained to the highest levels.
Griffiths & Armour first achieved ISO 27001 Certification in May 2022, with our most recent renewal being in 2024.
ISO 27001 is an international standard that specifies best practices in security management and requires comprehensive security controls following the ISO 27001 best practice guidance.
This widely-recognised international security standard specifies that entities:
- Systematically evaluate information security risks, taking into account the impact of threats and vulnerabilities
- Design and implement a comprehensive suite of information security controls and other forms of risk management to address organisational and architecture security risks
- Adopt an overarching management process to ensure that the information security controls meet the information security needs on an ongoing basis
- Develop and maintain an organisational culture that embraces cyber and information security as part of daily operations
Dave Atkinson, Head of Technology at Griffiths & Armour said:
“As a firm we already hold UK information security standards Cyber Essentials and Cyber Essentials Plus certifications, but as cyber threats and risks to businesses continue to evolve, this ISO 27001 accreditation further reinforces Griffiths & Armour’s ongoing commitment to protecting our firm and clients from developing risks in the fast-moving cyber landscape. We worked closely and collaboratively with SureCloud to achieve certification, and our thanks go to them for all their help and assistance.”
Ben Jepson, VP at SureCloud added:
“We were delighted to assist Griffiths & Armour on its ISO 27001 journey, helping them to achieve certification and a plan to maintain it moving forward. Our Capabilities bring together the right combination of Gartner-recognised Governance, Risk and Compliance (GRC) software and world-class cyber and risk expertise, whether working towards an ISO certification or managing third-party risk. We pride ourselves on providing the necessary support, through technology and consultancy.”
FAQs
We welcome the ISO 27001 standard and best practices into our organisation.
Griffiths & Armour’s implementation of and alignment with ISO 27001 demonstrates a commitment to information security at every level of the organisation. The assessment by an independent third-party auditor to validate alignment with the ISO 27001 standard has been a valuable process. Compliance with the internationally-recognised standard and code of practice is evidence that our security system are comprehensive and in accordance with industry leading best practices.
The certification confirms Griffiths & Armour’s commitment to the security, confidentiality, and continued availability of client services. The key to these standards is the development, implementation, and continuous improvement of the firms’ rigorous security management program, which forms the foundation of Griffiths & Armour’s security approach.
- Griffiths & Armour
- Griffiths & Armour Professional Risks
- Griffiths & Armour Insurance Brokers
- Griffiths & Armour Global Risks Limited
- Griffiths & Armour Risk Management Limited
- Griffiths & Armour (Holdings) Limited
- Griffiths & Armour Europe DAC
ISO 27001 certification demonstrates Griffiths & Armour’s commitment to information security at every level. Compliance with this internationally-recognised standard, validated by an independent third-party audit, confirms that our security management program is comprehensive and follows leading practices.
This certification provides more clarity and assurance for clients when evaluating the breadth and strength of security practices.
The British Standard Institute (BSI), an ISO certifying agent accredited by UKAS Management Systems.
The ISO 27001 standard keeps information assets secure and provides additional security for organisations to manage their assets, for example financial information, intellectual property, employee details or information entrusted by third parties. ISO has made the decision to copyright these standards in an effort to help fund the processes leading to development.
As part of the process, Griffiths & Armour had to demonstrate a continuous and systematic approach to managing and protecting both company and client data. Working in partnership with SureCloud, the world’s first Governance, Risk, and Compliance (GRC) Capability company, to attain accreditation, Griffiths & Armour was audited by The British Standards Institute (BSI) which observed cyber security, Information Security Management Systems (ISMS), and privacy protection processes across the entire firm.