
ISO27001 provides the standard requirements for an information security management system (ISMS). ISO (the International Organization for Standardization) defines an ISMS as a systematic approach to managing and securing sensitive company information by applying a risk management process. Any cyber-security professional will tell you that good information security is about defending yourself from threats, and the usual way to do that is through controls, whether technical, administrative or physical. ISO27001 is suitable for small, medium and large businesses in all sectors.

How can becoming ISO27001 certified benefit your business?

There are several benefits to your organization from becoming ISO27001 certified, impacting both internal and external stakeholders.

  • Complying with ISO27001 will strengthen your organization’s structure by defining responsibilities and duties for day-to-day processes and procedures.
  • Strengthening your organization’s information security and processes through risk management reduces the threat of data breaches and cyber-attacks, meaning you could avoid unnecessary fines and loss of reputation.
  • The ISO27001 certification provides a competitive advantage in the marketplace, as well as increasing the perception of credibility and trust among potential and existing customers.
  • The certification is globally recognised and in line with several regulatory requirements such as GDPR and other cyber security laws, demonstrating effective information security and risk management.

How long will it take to become certified?

The number of people involved in the process can change the project length substantially. However, on average we expect the time to become certified using our detailed toolkit to be between six and nine months (see our blog article on this subject).

Is there anything else your business needs to assist the process?

We recommend having a copy of the ISO27001:2013/17 standard. You can either purchase this directly from the ISO website, or it is included in our Enhanced Gap Assessment Tool. This includes the exact text of sections 4 to 10 of the standard, broken down by individual requirement within a user-friendly spreadsheet. Our licensing agreement with ISO means we can offer this enhanced tool which provides a further level of detail over and above the standard gap assessment provided within the toolkit. A detailed Statement of Applicability is also included.

We recommend the ISO27001-17-18 Enhanced Gap Assessment Tool for cloud service providers. This is a more developed tool with relevant parts of the ISO27017 and ISO27018 codes of practice.

What is the certification process?

1: Using the CertiKit toolkit documentation, become compliant by working through the policies and procedures within the document and applying them to your organization’s practices.

2: Perform an internal audit to highlight any non-conformities before the external audit. We advise an internal audit to be completed by an independent third-party auditor or an impartial qualified auditor within your organisation.

3: The final external audit, carried out by an accredited Registered Certification Body (RCB), achieves certification. This step is not a requirement but is recommended, as certification validates your ISO27001 compliance. Click here to find out more about choosing the right RCB for your organisation.

What’s next?

As CertiKit Ltd is itself ISO27001 certified, we understand that becoming certified may seem like a lot of hard work. However, we believe that the benefits quickly outweigh the challenges. Given the impact the standard has on company procedures, competitive advantage and customer trust, becoming ISO27001 certified is a great return on investment.

ISO27001 doesn’t just provide you with a definition for an ISMS, it also contains a list of 114 great best practice controls to choose from when securing your organization. These are based on the experience of many organizations across many industries and countries and cover areas such as policies, human resources, physical and network security, access control, cryptography and incident management.

Our ISO27001 toolkit is the best way to put an ISMS in place quickly and effectively to achieve certification to the ISO27001 standard. Our quality template documents and checklists come complete with 12 months of updates and support, helping you to get to ISO27001 certification fast.
