What is ISO 27001?

ISO/IEC 27001:2013 is the international information security standard that is now accepted as best practice worldwide.

Achieving ISO/IEC 27001 certification enables your company to show your customers, stakeholders or suppliers your commitment to managing information safely and securely.

One of the common mistakes companies make is to assume that this only needs work from the IT team and can be run by the IT team alone. This is rarely the case, as the standard works across most, if not all, of the departments in scope, and some which may be out of scope of the certification.

The requirements for the standard include establishing, implementing and maintaining an Information Security Management System (ISMS). A by-product of certification is the improvement of Cyber Security within your business and a clearer understanding of your organisation’s current position.

Many companies need differing levels of support to achieve the standard. Many spend time creating a lot of documents before they call us in, which can make the job harder, especially if these documents have been pushed out to staff.

Our advice is to get expert advice before you start anything. Also, be mindful of the wider business needs when designing your ISMS. Most organisations do not want to achieve certification for the primary reason of improving Cyber Security, but to satisfy a new or existing client requirement.

It’s important to avoid changing too quickly, as this may move focus away from your business goals. We recommend adopting a prioritised approach in your development plan, identifying what needs changing to meet the standard, what is a high risk and requires some work, and what is nice to have for the future.

ISO 27001 services offered:

  • Scoping of the certification
  • ISO 27001/2 Gap analysis
  • Business risk assessment
  • Development plan creation
  • Security policy development
  • Staff awareness training
  • Technical design review
  • Incident response plan review, development and management
  • Internal Audit support, training and managed service
  • Pre-assessment