
ISO27001 provides the standard requirements for an information security management system (ISMS). ISO (International Organization for Standardization) defines an ISMS as a systematic approach to managing and securing sensitive company information by applying a risk management process. Any cyber-security professional will tell you that good information security is about defending yourself from threats, and the usual way to do that is through controls, whether technical, administrative or physical. ISO27001 is suitable for small, medium and large businesses in all sectors.

How can becoming ISO27001 certified benefit your business?

There are several benefits to your organization from becoming ISO27001 certified, impacting both internal and external stakeholders.

  • Complying with ISO27001 will strengthen your organization’s structure by defining responsibilities and duties for day-to-day processes and procedures.
  • Strengthening your organization’s information security and processes through risk management reduces the threat of data breaches and cyber-attacks, meaning you could avoid unnecessary fines and loss of reputation.
  • The ISO27001 certification provides a competitive advantage in the marketplace, as well as increasing the perception of credibility and trust among potential and existing customers.
  • The certification is globally recognised and in line with several regulatory requirements such as GDPR and other cyber security laws, demonstrating effective information security and risk management.

How long will it take to become certified?

The number of people involved in the process can substantially affect the project length. However, on average we expect the time to become certified using our detailed toolkit to be between six and nine months (see our blog article on this subject).

Is there anything else your business needs to assist the process?

We recommend having a copy of the ISO27001:2013/17 standard. You can either purchase this directly from the ISO website, or it is included in our Enhanced Gap Assessment Tool. This includes the exact text of sections 4 to 10 of the standard, broken down by individual requirement within a user-friendly spreadsheet. Our licensing agreement with ISO means we can offer this enhanced tool which provides a further level of detail over and above the standard gap assessment provided within the toolkit. A detailed Statement of Applicability is also included.

We recommend the ISO27001-17-18 Enhanced Gap Assessment Tool for cloud service providers. This is a more developed tool with relevant parts of the ISO27017 and ISO27018 codes of practice.

What is the certification process?

Stage 1: Using the CertiKit toolkit documentation, become compliant by working through the policies and procedures within the document and applying them to your organization’s practices.

Stage 2: Perform an internal audit to highlight any non-conformities before the external audit. We advise that the internal audit be completed by an independent third-party auditor or by an impartial, qualified auditor within your organisation.

Stage 3: This is the final external audit to achieve certification by an accredited Registered Certification Body (RCB). This is not a requirement but is recommended as certification validates your ISO27001 compliance. Click here to find out more about choosing the right RCB for your organisation.

What’s next?

As CertiKit Ltd is itself ISO27001 certified, we understand that it may seem like a lot of hard work to become certified. However, we believe that the benefits quickly outweigh the challenges. Given the impact the standard has on company procedures, competitive advantage and customer trust, becoming ISO27001 certified is a great return on investment.

ISO27001 doesn’t just provide you with a definition of an ISMS; it also contains a list of 114 best practice controls to choose from when securing your organization. These are based on the experience of many organizations across many industries and countries, and cover areas such as policies, human resources, physical and network security, access control, cryptography and incident management.

Our ISO27001 toolkit is the best way to put an ISMS in place quickly and effectively to achieve certification to the ISO27001 standard. Our quality template documents and checklists come complete with 12 months of updates and support, helping you to get to ISO27001 certification fast.

Over 3000 businesses have purchased our toolkits

Testimonials

Each document is not an island; they all interconnect, which is something I've struggled with when using other template packs. Well written and generally happy with the structure of the docs. Really appreciate the Excel tools.


PikesPlace