Information Security Essentials



The QG Information Security Management Standard, Information Security Essentials, has been written using the principles of ISO 27001. It helps SMEs understand their information security management system and gives them an opportunity to implement a fit-for-purpose foundation system in their company. The standards are recognised as an externally accredited information security management system and can be used to gain business through PQQs and tenders.

The QG system has two levels of assurance:

  • Information Security Essentials
  • Information Security Essentials PLUS

You define which level of assurance you require by utilising the risk matrix below.

Then give QG a call on 01228 631681 and we’ll talk you through the process.


To qualify for your Information Security Essentials Certificate you are required to provide evidence that you meet the Information Security Essentials Requirements. We have made this easy for you by providing an Information Security Essentials Questionnaire that asks you the relevant questions. You'll need to attach some items, such as screen grabs or policy notes, to evidence compliance. On completing the questionnaire to our satisfaction you will be awarded your Information Security Essentials Certificate. The successful completion of the QG Information Security Management template* meets this requirement.

You may be required to provide further assurance to your customers that you meet the requirements of the Information Security Essentials programme. This is called Information Security Essentials PLUS and involves an audit at your premises of your management systems as well as the completion of your questionnaire.




If you require support implementing your Information Security Management System, there are QG Accredited Practitioners who have been trained by us in the implementation of the QG Information Security Management Standard. They each use the QG Management template to build and document your information security management system and will provide a system fully compliant with the QG Information Security Management Standard.

It would not be right for Practitioners to do this alone: whilst they'll give you guidance to produce the documentation, you are required to implement the system in your own organisation.

QG Accredited Practitioners are independent of QG Business Solutions, the operator of the scheme. Practitioner support can be a combination of onsite and offsite support.

QG Management Template

The QG Information Security Management Template is a copyrighted document used by QG Accredited Practitioners to implement systems to the QG Information Security Standard. Use of the template and practitioners can often be more cost effective than doing it yourself as systems are generally compliant first time.

Frequently Asked Questions

What is the QG Information Security Management Standard?
QG Business Solutions Ltd offers small and medium-sized businesses the opportunity to obtain external recognition of their information security management systems prior to them gaining an ISO accreditation. The standard has been written using the principles of ISO 27001. It helps SMEs understand information security management and gives them an opportunity to implement a fit-for-purpose system that helps them run their business. The standard is recognised as an ‘externally accredited information security management system’ and can be used to gain business through tenders.
How does this help when ‘working towards ISO 27001’?
The QG Standard has been written using the principles of ISO 27001 and gives formal recognition to businesses who have implemented an information security management system but have not yet obtained enough evidence to meet the full ISO 27001 Information Security Management Standard. Some businesses currently use a consultant's letter as evidence of ‘working towards ISO 27001’; this standard gives external recognition to this process.
Why does this work for SMEs?
The QG standards were first developed in 1994 by Cumbria Enterprise Agency to assist SMEs in achieving BS5750: 80% of BS5750 for 20% of the cost. In recent years that same policy of assisting SMEs has developed to include the ISO 27001 standard, so that large businesses can attract local SMEs to break into their supply chain, thus meeting local political and economic targets. This standard works for SMEs because it is specifically designed for SMEs while at the same time meeting larger businesses' need for conformance with an ‘externally accredited Information Security Management Standard’.
Why implement an Information Security Management System?
Large organisations in the public and private sector ask in their tender documents ‘have you an externally accredited management system’. Organisations expect these to follow the principles of ISO 27001; therefore we have designed a standard that sits somewhere between no formal system and ISO 27001, depending on your circumstances and risk profile.
What happens when I grow?
Some businesses keep the QG Information Security Management Standard and never go for accreditation to the ISO 27001 standard. However, if you decide you need to progress and achieve the ISO 27001 standard we are with you all the way. Our associates are qualified to assist you in achieving the appropriate standard.
How long will it take to achieve the QG Standard?
This depends on what you already have in place. Unique to the QG standard is that we look at how you operate the business and document it. Provided that what you do meets all ten areas of the QG Information Security Management Standard, you meet the standard. If you don't, we will tell you what's required; you implement it for a period of time and then achieve the standard.
How do I know what to put in my Information Security Policy?
At the present time many contractors are just looking for you to provide an information security policy; how long this will last is anybody's guess. What QG is able to offer is for an external information security management specialist to work with you, not only to develop a fit-for-purpose information security policy but to encapsulate it into an accredited information security management system which conforms to the QG Information Security Management Standard. You could of course google ‘Information security management policy’ and copy another company's, but will this actually work for you if something goes wrong?


QG Business Solutions Ltd

Westwinds, Lambley Bank,
Scotby, Carlisle

t 01228 631681