ISO27001 provides the standard requirements for an information security management system (ISMS). ISO (International Organization for Standardization) defines an ISMS as a systematic approach to managing and securing sensitive company information by applying a risk management process. Any cyber-security professional will tell you that good information security is about defending yourself from threats, and the usual way to do that is through controls, whether technical, administrative or physical. ISO27001 is suitable for small, medium and large businesses in all sectors.
There are several benefits to your organization from becoming ISO27001 certified, impacting both internal and external stakeholders.
The number of people involved in the process can substantially affect the project length. However, on average we expect the time to become certified using our detailed toolkit to be between six and nine months (see our blog article on this subject).
We recommend having a copy of the ISO27001:2013/17 standard. You can either purchase this directly from the ISO website, or it is included in our Enhanced Gap Assessment Tool. This includes the exact text of sections 4 to 10 of the standard, broken down by individual requirement within a user-friendly spreadsheet. Our licensing agreement with ISO means we can offer this enhanced tool which provides a further level of detail over and above the standard gap assessment provided within the toolkit. A detailed Statement of Applicability is also included.
We recommend the ISO27001-17-18 Enhanced Gap Assessment Tool for cloud service providers. This is a more developed tool with relevant parts of the ISO27017 and ISO27018 codes of practice.
Stage 1: Using the CertiKit toolkit documentation, become compliant by working through the policies and procedures within the document and applying them to your organization’s practices.
Stage 2: Perform an internal audit to highlight any non-conformities before the external audit. We advise that the internal audit be completed by an independent third-party auditor or by an impartial, qualified auditor within your organization.
Stage 3: This is the final external audit, carried out by an accredited Registered Certification Body (RCB), to achieve certification. Certification is not a requirement but is recommended, as it validates your ISO27001 compliance. Click here to find out more about choosing the right RCB for your organization.
As CertiKit Ltd is itself ISO27001 certified, we understand that it may seem like a lot of hard work to become certified. However, we believe that the benefits quickly outweigh the challenges. Given the impact the standard has on company procedures, competitive advantage and customer trust, becoming ISO27001 certified is a great return on investment.
ISO27001 doesn't just provide you with a definition of an ISMS; it also contains a list of 114 best practice controls to choose from when securing your organization. These are based on the experience of many organizations across many industries and countries, and cover areas such as policies, human resources, physical and network security, access control, cryptography and incident management.
Our ISO27001 toolkit is the best way to put an ISMS in place quickly and effectively to achieve certification to the ISO27001 standard. Our quality template documents and checklists come complete with 12 months of updates and support, helping you to get to ISO27001 certification fast.