
Our quick top 5 for ISO27001

We’re often asked how to become certified to the ISO/IEC 27001 standard as quickly as possible. Sometimes the pressure comes from current or prospective customers, sometimes from a regulator, and sometimes the organisation simply wants to get on with it. Alongside using the CertiKit ISO/IEC 27001 Toolkit, there are a number of quick tips we usually give to make certification as fast and painless as possible, and we’ve summarised them here.


1 - Consider Your Scope

This is probably the biggest single source of confusion and misunderstanding around the standard. In essence, you can choose the scope of your certification by service (or technology), by geography or by business area (including customers). The smaller the scope, the less work is generally involved, so set your scope according to how quickly you want to be certified. A single service to a single customer at a single location is perfectly acceptable, and scoping small lets you learn the lessons early and apply them when you gradually widen the scope after certification. Bear in mind that the standard (clause 4.3) requires the scope to be documented, taking into account the interfaces and dependencies between in-scope activities and those of other organisations, and that the scope statement appears on your certificate, so customers will see exactly what it does and does not cover.

So consider your scope carefully.

2 - Understand the Standard

This may sound obvious, but to implement an ISMS you need to familiarise yourself with the standard and understand what is expected of you. Sometimes we hear of people going for certification without having bought the ISO/IEC 27001 standard at all – not a good idea. The ISO/IEC 27000 family is a big one, but the more you read around it, the clearer the requirements become, so getting hold of the supporting standards can help: ISO/IEC 27002 (guidance on implementing the controls), ISO/IEC 27005 (information security risk management) and ISO/IEC 27017 (additional controls for cloud services). Download our free Implementation Guide from our product page if you need more information.

3 - Get Management Commitment

Success will be much easier if direction and motivation come from the top. Even if you are convinced it is the right way forward for the organisation, you have to convince senior management and secure their commitment before you roll the ISMS out to your staff. The standard explicitly requires leadership and commitment from top management (clause 5), and an auditor will expect to see this evidenced through things like an approved information security policy, defined responsibilities, allocated resources and management reviews. If it is not in place, it will be a definite barrier to certification. Resources will also be much easier to obtain if the right people are behind you.

4 - Get the Right People Involved

It’s been said many times before that the best people to achieve change are the people who actually do the job, and that’s as true today as it ever was. Make sure everyone has access to the sections of the standard that are relevant to their job and that they understand the urgency. Get them involved in the risk assessment process and delegate as much of the work on the relevant controls as possible to them (while accepting, of course, that they have a day job too).

5 - Choose a Friendly Customer or Department

Leading on from your scoping decision, make life easy for yourself and choose a business unit or customer that is already receptive to the idea of improving information security and open to taking part in the activities you will need to start doing, such as risk assessment, reporting and review meetings. They will then also be your best supporters when you widen the scope to less receptive parts of the organisation or customer base. A little goodwill goes a long way when you’re trying to change the way you manage information security.

So in a nutshell that’s our quick top 5.
