Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

The Top 5 Reasons For ISO 27001 Certification

At CertiKit we deal with many organizations who have taken the decision to go for certification to the ISO/IEC 27001 standard and we thought it might be interesting to give you our view of the main reasons they mention for doing so.  Implementing all of the requirements of ISO/IEC 27001 is a serious commitment of time and resources for any company so no-one does it lightly.

So here are the top 5 reasons we hear from our customers on a regular basis. But whatever the reason for doing it, the effect is always the same – better information security.  And that is always good.

1) “My boss came down one day and told me to get us certified”

The individuals that buy our toolkits and use our services are at all levels within the organization, from the CEO to the technician and particularly at the more technical end we often hear that the direction has been received from on high that certification is needed, so you’d better get on with it! Obviously we suspect that the real reason is one of the ones below but sometimes this is not fully communicated to all levels so the person at the sharp end is simply focussed on the task he or she has been given.

2 - “We need to become more secure”

You can’t look at the news nowadays without coming across an example of some form of cyber-crime so many organizations appreciate the need to get their house in order when it comes to information security. Adopting the ISO27001 standard is generally accepted as one of the best ways to address as many security issues as possible in a controlled way so an organization’s general desire to protect itself is a common reason for implementation, even if they don’t go as far as certification.

3 – “Our regulators are insisting on it”

In industries where there is some form of regulatory body the insistence on adopting the ISO/IEC 27001 standard either in full or in part is an increasing trend. Rather than come up with their own list of security requirements, many regulators understandably specify ISO27001 as the default approach to information security. Recent examples we have come across here are the online gambling industry and domain name registration services.

4 – “It will help us stand out in the marketplace”

Many organizations are realizing that good information security is becoming a prerequisite to do business in some (if not all) industries.  Even if specific customers are not asking for it, there is an increasing acceptance that having ISO27001 certification provides a good degree of assurance to potential customers that the issue is on the agenda and is taken seriously. We’re seeing a lot of cloud service providers going down this route for obvious reasons.

5 – “Our customers want us to be certified”

And finally, the main reason we hear from our customers why they believe ISO27001 certification is the way to go? Because their customers and clients are telling them so.

In many cases companies are missing out on tenders and deals because they can’t demonstrate the level of protection that their customers want. Most organisations exist to satisfy their customers’ wants; it’s the key to business success. There’s an increasing realization that your own organisation can have the best security in the world, but if you share your information with third parties then that represents a weak link that can be exploited by those that would do you harm. So many companies insist that their suppliers show their commitment to good information security by obtaining ISO27001 certification.


Editor’s note: The original post was published in September 2015, and updates have been made in February 2022 for accuracy and comprehensiveness.

Just starting out and want to know more?

Download our free ISO27001: 10 steps to certification guide to learn:

  1. Each step of the process from project planning to the certification audit
  2. Expert tips from the CertiKit team on best practise for easy implementation
  3. Key insights into building a successful ISMS

Download free 10 step guide

We’ve helped more than 4000 businesses with their compliance


I am very pleased to have found you and would like to say thanks for the toolkit, it made my life so much easier.

RFIB Group Ltd

View all Testimonials