Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you request to download our free implementation guide, we use your name, company name (which is optional) and your email address to email you a link to download the requested document. We may also email you after your download in order to follow up on your interest in our products and services. We will do this based on our legitimate interest in marketing to prospects for our products and services. Your name and email address are stored on our website which is hosted with Digital Ocean. Your personal data is stored for one year after you requested your download, after which it is deleted.

Reveal Menu

Reasons for ISO27001 Certification - 5, 4, 3, 2, 1....

At CertiKit we deal with many organizations who have taken the decision to go for certification to the ISO/IEC 27001 standard and we thought it might be interesting to give you our view of the main reasons they mention for doing so.  Implementing all of the requirements of ISO/IEC 27001 can take a while (even with our toolkit!) and is a serious commitment of time and resources for any company so no-one does it lightly. So starting from the bottom, here are the top 5 reasons we hear most often.

Number 5 - “My boss came down one day and told me to get us certified”

The individuals that buy our toolkits are at all levels within the organization, from the CEO to the technician and particularly at the more technical end we often hear that the direction has been received from on high that certification is needed, so you’d better get on with it! Obviously we suspect that the real reason is one of the ones below but sometimes this is not fully communicated to all levels so the guy at the sharp end is simply focussed on the task he or she has been given.

Number 4 - “We need to become more secure”

You can’t look at the news nowadays without coming across an example of some form of cyber-crime so many organizations appreciate the need to get their house in order when it comes to information security. Adopting the ISO27001 standard is generally accepted as one of the best ways to address as many security issues as possible in a controlled way so an organization’s general desire to protect itself is a common reason for implementation, even if they don’t go as far as certification.

Number 3 – “Our regulators are insisting on it”

In industries where there is some form of regulatory body the insistence on adopting the ISO/IEC 27001 standard either in full or in part is an increasing trend. Rather than come up with their own list of security requirements, many regulators understandably specify ISO27001 as the default approach to information security. Recent examples we have come across here are the online gambling industry and domain name registration services.

Number 2 – “It will help us stand out in the marketplace”

Many organizations are realizing that good information security is becoming a prerequisite to do business in some (if not all) industries.  Even if specific customers are not asking for it, there is an increasing acceptance that having ISO27001 certification provides a good degree of assurance to potential customers that the issue is on the agenda and is taken seriously. We’re seeing a lot of cloud service providers going down this route for obvious reasons.

Number 1 – “Our customers want us to be certified”

And finally, the number one reason we hear from our customers why they believe ISO27001 certification is the way to go? Because their customers are telling them so. In many cases companies are missing out on tenders and deals because they can’t demonstrate the level of protection that their customers want. Most organisations exist to satisfy their customers’ wants; it’s the key to business success. There’s an increasing realization that your own organisation can have the best security in the world, but if you share your information with third parties then that represents a weak link that can be exploited by those that would do you harm. So many companies insist that their suppliers show their commitment to good information security by obtaining ISO27001 certification.

So these are some of the reasons we hear from our customers on a regular basis. But whatever the reason for doing it, the effect is always the same – better information security.

And that is always good.

Over 3000 businesses have purchased our toolkits


Thank you for the kit, I don't know where I would have started without it!

Visualhouse Ltd

View all Testimonials