
What is ISO 27001?

ISO/IEC 27001:2013 is the recognised international standard for Information Security Management. In today’s world of digital commerce, any business, large or small, should ensure that it has an information security procedure in place.

What are the requirements to obtain ISO 27001 certification?

There are several steps that an organisation will need to take to implement this information security management system. These steps include (but are not limited to):

  • Planning – Ask yourself what the standard will do for your business and how it will improve your current way of working. What are the objectives of implementing the standard? Treat this certification as a project in its own right.
  • Documentation – Define a security management system roadmap that will help you ensure that the project is progressing correctly. Document the requirements for risk assessment and risk treatment.
  • Education – Your business team members should all be on board and aware that this project is taking place; it is not just the IT department that needs to be involved.
  • Ownership – Document and communicate the roles and responsibilities of everyone involved in the system.
  • Control – To be fully compliant with ISO 27001, a company must list all the controls that are to be implemented as part of the management system. These controls are organised into domains focusing on areas such as organisational issues, HR, information technology, physical security and legal issues.


How much does ISO 27001 cost?

In order to give an accurate quotation for the implementation of the Information Security Management System (ISMS), we need to ask you for a few details, as the cost depends on factors such as the size of the company, the area of business in which it operates and the complexity of the required ISMS scope.

Vassallo Associates will be happy to give you a good idea of the overall costs once we have a more detailed understanding of your business and its requirements.

Contact Us now to arrange a free, no-obligation consultation to discuss your information security requirements.

Please also read our own thoughts on the cost of ownership of ISO 27001.

What are the benefits of obtaining ISO 27001 certification?

The first benefit to mention here is peace of mind. In today’s digital age, we are all aware that online crime is on the increase. For any business, a breach of data such as client details, or the company website being forced offline, can be hugely damaging to both its finances and its reputation. Having an official system in place to mitigate such risks as far as possible means that the business can focus on its customers and services without having to worry unduly about data breaches.

Some of the many other benefits include:

  • Having a globally recognised certification demonstrates to clients and customers that you are serious about information security, in turn giving them more confidence to work with you.
  • An edge over your competitors: in an increasingly competitive marketplace, holding ISO 27001 certification can help you to stand out.

“Achieving ISO 27001 compliance allows you to differentiate yourself from your competitors and win new business” 

What are the specific services that Vassallo Associates can offer to an organisation wanting to start working towards obtaining ISO 27001 compliance?

We can help with the full management system preparation and implementation to ensure that you are able to pass ISO 27001 certification with flying colours. We can advise on and support you with:

  • Consultancy services for the implementation of ISO 27001.
  • Internal and external audit support.
  • Managing the cost of implementing the standard.
  • Assistance with the domains and controls required for implementation.
  • Advice on the differences between certification bodies and how to choose a certification body suitable for your requirements.

Contact Us now to arrange a free, no-obligation consultation to discuss your information security requirements.

For more details on the Information Security Management System standard, please visit the standard’s page on the ISO website.

Your contact for ISO 27001 information:

Dan Breger
Principal Consultant
Mobile: +44 (0) 797 167 8039
dan.breger@hvassallo.com