Safeguard your information and inspire stakeholder trust with the ISO 27000 family


In today’s technologically dependent world, the threat of information security breaches is growing. A single incident can destroy your company’s image, impact business continuity and revenues, and compromise your client base.

Large organisations have long been regular targets of attacks, but SMEs companies are increasingly at risk. As a result, you face more stringent regulation, and stakeholder expectations for data security are high. That is why more and more organisations are seeing the value of a structured approach to information security such as that provided by the ISO 27000 family of guidance and management systems for information security management.



Implementing a management system protects the confidentiality, integrity and availability of your company’s information. It minimises the risk of breaches and ensures you comply with data protection legislation.

We can support you in learning how to implement the right management system for your business challenges and achieve certification.

We also offer blended-learning training to help you understand the importance of information security, how to respond with the necessary controls and how to protect data stored and managed by your organisation from dangerous security breaches.

Meet Thailand's Data Privacy Regulations
Personal Data Protection Act or PDPA is developed to protect user's personal data and to meet international regulations. Demonstrating compliance with PDPA proves that the personal data of your clients, employees, and stakeholder in your database is well-organised and never been used without consent.

Bureau Veritas’ work as an independent third party enables companies to ensure that the organization, processes, and practices are conforming to Thailand's Personal Data Protection Act.

ISO 27001: Information Security Management System 
ISO 27001 heads a family of information security standards that provide comprehensive guidance and support to systematically understand your information security risks and vulnerabilities. By implementing ISO 27001, you can apply rigorous information security methodologies, reducing risks and safeguarding against security breaches.

ISO 27701: Privacy Information Management System
To help organizations manage personal data in line with consumer expectations and in compliance with rapidly tightening regulatory requirements, Bureau Veritas offers ISO 27701 certification and training. Implementing an ISO 27701 Privacy Information Management System (PIMS) enables you to meet the highest standards of responsibility and transparency in the processing of personal information.

ISO 27017: Information security for cloud services
Two-thirds of businesses report that they have functions and data hosted on cloud platforms, including commercially confidential data: the importance of clear ownership and responsibility for information and its security is paramount. The ISO 27017 certification reassures stakeholders that you are able to address the unique threats and complexities of cloud environments.

ISO 27018: Personally identifiable information
Today’s customers are increasingly concerned about information security and the potential for abuse of their sensitive personal information. ISO 27018 enables cloud services providers that process large amounts of personally identifiable information to provide transparency to their customers and demonstrate their responsible handling of personal data.

Cyber Essentials (CE) certification, in which organisations identify systems most at risk from low-skilled attackers and implement a set of controls to provide protection, is a prerequisite for UK government contract work. It enables you to demonstrate a certain level of cyber security at a low cost. Cyber Essentials Plus (CE+) takes this to the next level with more sophisticated cyber security checks.



Technology companies might also be interested in a number of other specific certification schemes, such as the Cloud Security Alliance (CSA) Star certification, Datacentre Operations Standard or ISO 20000 Information Technology Service Management System. 
Contact us to find out more about these services.



  • Safeguard

    your information to preserve business continuity

  • Ensure

    compliance with increasingly stringent regulations

  • Show stakeholders

    that you take the protection of their data seriously

  • Inspire trust

    in your leadership, amongs both staff and external stakeholders

  • Help reduce

    the burden of contractually required customer audits by proving compliance to internationally recognised criteria

  • Support

    from a global leader in testing, inspection and certification services

  • Improve awareness

    of your staff through training

transition to THE NEW ISO/IEC27001:2022

Earlier on in 2022, the International Organization for Standardization (ISO) released a new version of its 27002 controls, therefore impacting the ISO27001 standard. A new version of the latter is expected to be released in end-October this year, opening thereby a cycle of re-certification for many companies around the world.

The ISO27001:2022 through the evolution of its Annex A will present a simplified version of the required controls. The original 114 controls divided into 14 chapters will now be reorganized into 93 controls divided over 4 chapters (Organizational, People, Physical and Technological). New focus points are now set on prevention, detection and reaction to cyberattacks as well as data protection (in line with the NIST Cybersecurity Framework).

ISO 27001 - Information security

BY Bureau Veritas Denmark