As business information is the most vital part of any company, most businesses have some form of data security policy in place. While this policy and the security controls may be introduced with the best intentions, the effectiveness of the policy can be difficult to maintain and organise. For example, most IT security policies may overlook vital information assets such as paperwork. The ISO 27001 standard was introduced to ensure that all aspects of data security are protected. ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system". The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organisation which is required to apply controls appropriately in line with their specific risks. So why have Aeromark chosen to be ISO 27001…