Focus Solutions awarded ISO 27001 certification


Focus Solutions has achieved ISO 27001 certification – the international standard for implementing an Information Security Management System (ISMS). The achievement shows Focus’ ongoing commitment to following the highest standards in information security.

The certification was granted following a rigorous external audit of all of Focus’ activities by the leading ISO certification specialist QAS International Ltd.

Craig Richards, Head of Operations

Craig Richards, Head of Operations for Focus Solutions said, “This certification is a significant and important achievement and delivers great benefit to our customers.  They can have unwavering confidence in us managing their information securely and professionally – something we and our customers take very seriously.”

Focus Solutions’ commitment to security is an ongoing process and the company will continue working hard to maintain and exceed ISO standards to protect both company and customer information. An external audit will be performed at planned intervals to attest to Focus’ continuous compliance.

About ISO27001

ISO27001 is the international standard that provides the specification for an information security management system (ISMS).  By implementing an ISO27001-compliant ISMS, organisations are able to secure information in all its forms, increase their resilience to cyber-attacks, adapt to evolving security threats and reduce the costs associated with information security.

An ISMS provides a systematic approach to managing information security. It consists of policies, procedures and other controls involving people, processes and technology to help organisations protect and manage all their data in line with international best practice.


ISO27001 emphasises the importance of risk management, which forms the cornerstone of an ISMS. All ISO27001 projects evolve around an information security risk assessment – a formal, top management-driven process which provides the basis for a set of controls that help to manage information security risks.


These controls are regularly reviewed for their adequacy and tested for their application to ensure that the organisation is effectively managing and mitigating the risks that have been identified.