Before we begin our ISO27001 journey, it is important that we understand what it is that we are trying to achieve. When most people hear the phrase information security, they automatically think that it is applicable only to IT and the securing of computers and networks.

But information can take many forms and is not only bits and bytes on computers or networks. Information can be printed or written on to paper; it can be verbal, whether spoken face to face, in a crowded room or over a telephone; or it can indeed be stored or transmitted electronically by computers, networks or fax machines.

Information is considered to be one of the most valuable assets a company can have. Customer databases, business ...