Skip to main content
IT Services

ISO27001 project

ISO 27001 is a widely used international standard for information security. It takes a risk-based approach, where organisations identify security risks and select appropriate controls to address them.

The standard includes 93 security controls, grouped into 4 themes:

  • Organisational
  • People
  • Physical
  • Technological

 

What are the benefits of ISO 27001 and why is ITS looking to gain certification?

Queen Mary University London is concerned about the current cyber threat landscape with higher education establishments being actively targeted by organised criminal groups. Queen Mary is committed to adopting a robust approach to cyber security in order to protect itself from cyber-attacks. Fundamental to this strategy is the implementation of an Information Security Management System (ISMS) and certification to ISO 27001.

An ISMS is an integral component for managing security risks systematically across the entire university, helping provide assurance of Queen Mary’s resilience to cyber-attacks and ability to respond to the evolving threat landscape. An ISMS and ISO 27001 certification will establish a robust governance regime which includes formal risk treatment plans and performance metrics to drive continual improvement.

In addition, ISO 27001 is increasingly being required for tenders and research bids as it is the “Gold Standard” and the most widely recognised measure of an organisation’s information security maturity. Working towards and gaining the certification will help give the University a competitive advantage when tendering for new contracts and applying for research grants.

 

Scope of ISO 27001 project

ISO 27001 project scope and example use cases

 

Key roles and responsibilities related to the ISMS (Information Security Management System) ISO 27001 certification  

Within IT Services the Office of the CIO has responsibility for the ISMS and ISO 27001. Key contacts are:

 

When and where will the ISMS and ISO27001 policies will be launched?

IT Services plans to launch ISMS and associated policies in February 2025.

 

Timeline for the journey to certification 

(Please click on the timeline to view the full image)

 

 

 

 

Progress with implementing policies

Please review our tracking document:

Progress with implementing policies [DOC 31KB]

 

How to raise an issue or opportunity for improvement related to the ISMS?

You can contact the Cyber Security team via the following email address: it-security@qmul.ac.uk. Alternatively, more general information about online security and hygiene can be found on Queen Mary's cybersecurity page.   

 

How to raise an information security risk with IT Services?

Please contact the IT Service Desk if you are facing any concerns. 

 

ISO 27001 Policies

Link to policies to follow.

Back to top