(Past Event)

ISO 27000 - A Basis for Business Security Strategies

"ISO27001 is a useful tool in setting up a security strategy. It is not prescriptive, and can be adapted. Many organisations do not seek certification, but rather use a cut down version that meets the organisation's security objectives."
Security Strategy and Policy Reality Checker, July 2011



The recent tISS Security Strategy and Policy Reality Checker revealed that the majority of Forum members use the ISO 27000 series of Information Security Standards as a basis or guideline for their approach to corporate security.

Though relatively few responding organisations were ISO 27000 certified, many were currently either working towards this (over 60%), or following the best practice offered (over 70%). Additionally, there is considerable interest in how businesses are managing to 'push', or enforce, compliance across suppliers and partners.

This workshop will enable members to share their adoption - and adaptation - journeys and experiences; find out how what, why and how modifications have been made; and justify why certification is the right route for some, impractical for others.

Note: References to ISO 27000 are intended to cover the series of information security standards.



Allen & Overy


To share knowledge and learn from the experience of corporate IT peers in achieving certification with ISO 27000, or in the potential application of ISO 27000 in their organisation.

Who should attend

Senior IT professionals with a responsibility for, or interest in, ISO 27000 and the success of security strategies in corporate IT.


The final agenda will be developed through consultation amongst delegates - provisional discussion areas include:
  • Identifying and prioritising elements of ISO 27000 for your business. How do you establish the case for return on investment?
  • Tailoring to align with business needs and requirements
  • To certify, or adopt as best practice
  • Successful advocation of ISO 27000 across partners and suppliers
  • Maintaining compliance
Unparalleled Learning

Members Include

united biscuits
travis perkins
start stop bwd fwd

"Just wanted to say thanks; another great day where I have come out with more knowledge than I entered with"

"Many thanks; [the event was] very good and beneficial"

"I have never not found a day interesting"

"The Corporate IT Forum is a fantastic level check, free of vendor sell and consultancy hype. I like the open sharing of experience…"

"We get valuable knowledge and experience from members of The Corporate IT Forum. This helps us to make better and informed decisions to reach our business goals…"

"The knowledge from other people on what they are doing/have done is invaluable to my team"

"The workshop validated the marketplace for supplier apps; participants were of a uniformly high standard; personally, I value highly the ethos of the Forum in the fact that it is supplier independent"

Tel: +44 (0) 1442 866634


Workshops are the backbone of The Forum. Nothing can compare to a group of IT professionals debating and exchanging experience of a specific, defined topic in a confidential environment. Workshops deliver insightful, real life information that helps members achieve their objectives, deliver projects and build relationships with other organisations.

Related Content

  • Security & Policy Development (Workshop Jul 2014)
  • tISS: Building & Integrating a Security Operations Centre (Report Apr 2014)
  • IT Security Infrastructure Maturity Assessment (Q&A Mar 2014)
  • Supporting Legacy Windows XP Desktops (Q&A Mar 2014)
  • ISO27001: 2013 (Report Feb 2014)
  • Corporate Espionage (Q&A Jan 2014)
  • Removing Local Administrator Rights (Q&A Jan 2014)
  • Cybercrime Resources (Q&A Nov 2013)
  • Cloud: Computing & Services Trends 2013 (Reality Checker May 2013)
  • Cloud Computing in the Real World (Report Dec 2012)
  • tISS: Security Strategies & Metrics (Reality Checker Nov 2012)
  • Disruptive Cloud & Consumerisation Technologies (Report Oct 2012)
  • tISS: Security Policy Development (Report Aug 2012)
  • Cloud Computing In 2012 (Reality Checker Feb 2012)
  • Service Management Maturity 2011 (Reality Checker Oct 2011)
  • Enterprise Architecture Frameworks (Reality Checker Nov 2010)
  • Banner