
Oct 2022

ISO27001 – just another box to tick?

We all know that ISO standards are important to demonstrate high standards, but when it comes to cyber security, is it really imperative, or just a ‘nice to have’? We find out how ISO27001 can help to protect your business.

Categories: Cyber Essentials and ISO 27001

Principal Security Consultant

What is ISO27001?

This international standard specifies the requirements for establishing, implementing, maintaining and continually improving an effective information security management system (ISMS). It assists organisations in protecting the confidentiality, integrity and availability of their information assets.

Figure: ISO27001 elements (ISO high-level management structure)

The high-level structure of ISO27001 is similar to that of other ISO standards, such as ISO9001 for quality management, and follows the plan/do/check/act cycle, as detailed below, for continual improvement.

ISO27001 requires an organisation to:

  • Systematically examine their information security risks
  • Implement effective information security controls to address risks
  • Monitor ISMS performance to ensure it continues to meet information security needs
  • Apply continual improvement activity to the ISMS


What are the benefits of ISO27001?

It shows your organisation:

  • Is committed to improving information security for clients, suppliers and employees
  • Has enhanced its risk management and is able to identify threats
  • Is prepared to defend itself - and its reputation - during and after an information security incident
  • Has built a robust security culture
  • Has international recognition, putting it in a potentially stronger position when it comes to tender opportunities.

How long will it take to get certified?

There is no set timescale to achieve formal certification, as it is dependent on the size and complexity of the information security management system, current levels of maturity, and availability of monitoring and measurement results to demonstrate compliance. Below is an example of the typical timeline for certification.

Figure: example ISO27001 certification timeline

We have a team of highly experienced professionals to help you start, strengthen or continue your information security management system journey.

Whether it’s an assessment of your current security posture, staff awareness training, assistance with an ISO27001-compliant policy document set, development of risk management processes, or a side-by-side partnership leading you through to formal ISO27001 certification and beyond, we’re with you.
