ISO27001: Everything You Need to Know
  • 22 July 2024
  • Certifications

ISO27001 is the international standard for information security management. It sets out the requirements for an Information Security Management System (ISMS), the framework that lets your business protect its information systematically and cost-effectively; the ISMS is the foundation on which certification is built.

Companies typically seek ISO27001 certification to demonstrate their commitment to information security, gain a competitive advantage, and build trust with clients. Reflecting this, we are seeing a significant increase in customers desiring, if not demanding, ISO27001 certification from their key suppliers.

There are three key steps to achieving ISO27001 certification, outlined below:

  1. Define the Scope: Determine which parts of the organisation, and which information, the ISMS will cover and protect.
  2. Perform a Risk Assessment: Identify the risks to the information within that scope, assess their likelihood and impact, and use the results to build a security roadmap.
  3. Design and Implement Controls: For each identified risk, decide how the organisation will treat it and implement the controls needed to do so.

We can help you prepare for ISO27001 so that you are in a strong position for the Stage One audit. We typically recommend allowing at least six months, as this gives you time to build a good evidence file for the Stage Two audit. If timescales are not on your side, the preparation can be pushed through more quickly.

The cost of the audit itself is largely dictated by UKAS guidelines; the cost of preparation is down to you. You may be able to complete many of the templates internally, but in most cases we manage the preparation for you, because internal resource is always at a premium. If you do go down the internal route, it needs dedication and commitment, otherwise the project starts to drift and timelines are not kept to.

So, what is included in the Stage One audit? There are seven key elements, outlined below:

  1. Review all documented information relating to your ISMS.
  2. Obtain information about all company site(s), although we try to limit the scope here.
  3. Obtain information about your key processes, procedures and the equipment used.
  4. Obtain information about all statutory and regulatory requirements applicable to your organisation. We have a template for this and can brief you in advance.
  5. Establish whether all relevant personnel are prepared for the Stage Two audit. This is crucial to a successful audit.
  6. Establish the status of your internal audits and management review.
  7. Review the allocation of resources and plan for Stage Two, by gaining a sufficient understanding of your management system and site operations.


If you have found this information helpful and are interested in achieving ISO27001, or would like further information, please feel free to call us to arrange a chat and get everything underway.

For new projects we are currently booking from July onwards.
