What is ISO27001?

ISO27001 (formally ISO/IEC 27001) is an internationally recognised standard for information security management. It is often referred to as the “gold standard” for information security governance and compliance. Organisations that seek certification are audited by an independent, accredited certification body and must pass regular surveillance audits, and a full recertification audit every three years, to keep their certificate. Certification demonstrates that an organisation operates a management system that follows information security best practice; it is not a statement that the organisation has no vulnerabilities.

At the core of the standard is the implementation of an information security management system (ISMS): a risk-based framework of policies, processes and controls for managing information security across the organisation. The ISMS is supported by resources such as people, training, policies and procedures, and the standard requires it to be kept under review and continually improved.

What are the benefits of acquiring ISO27001 certification?

Gaining certification allows an organisation to demonstrate its commitment to information security and can enhance its reputation with peers, clients and customers. If you are part of a supply chain or bidding for tenders, certification can reduce the effort required to meet complex compliance requirements, because a current certificate and its scope statement answer many of the questions an assurance questionnaire would otherwise ask. Certification can also open new opportunities to work with businesses that demand a higher level of assurance (e.g. financial services and the public sector). The converse applies when you rely on a supplier's certificate: check that its stated scope actually covers the systems and services you depend on.

Since the advent of GDPR, ISO27001 has proved increasingly popular with organisations that process personal data. A breach of an organisation's information systems is now among the biggest risks it faces, and the consequences can include financial sanctions and reputational damage. ISO27001 does not by itself make an organisation GDPR-compliant, but an operating ISMS reduces the likelihood of a breach, limits its impact, and provides evidence of the “appropriate technical and organisational measures” that GDPR (Article 32) requires.

Implementing an information security management system also provides benefits such as:

  • Reduced information security and business risk.
  • A potential edge over competitors.
  • Improved capability to respond to security incidents and business interruption.
  • Increased trust from customers and clients.
  • A culture of continuous improvement embedded within the organisation.
  • Reduced effort to submit tenders.
  • Reduced effort and time to complete supply chain assurance questionnaires and audits.
  • A better understanding of the organisation's own processes and risks.

Assessment and gap analysis

Our consultants will carry out an initial assessment of your existing security controls and procedures and produce a gap analysis against the requirements of the standard, together with a pathway that prepares you for ISO27001 certification. Alternatively, if you already operate an ISMS, we can review it to ensure it is fit for purpose.

The challenges of implementation

  • ISO27001 is not regarded by business as a simple standard to understand or implement.
  • To be effective, ISO27001 must be embedded in the culture and fabric of the organisation, so that security becomes part of “what we do”. Business and cultural change is a significant component of implementation and is often underestimated.
  • Do you understand how data and information systems are used within your organisation? Is this documented? If not, you cannot truly understand the risks associated with your processing activities, and the risk assessment the standard requires will rest on guesswork.
  • Time – implementation can take months, or even years in more complex organisations. How will you manage this on top of your day job?
  • Budget – ISO27001 requires a budget for implementation, and organisations also need to factor in the ongoing costs of certification and surveillance audits and of any business or process change required. Larger organisations have budgets that let them dedicate resource, roles and teams to compliance tasks; smaller businesses may not.
  • ISO27001 can be a challenge to understand, scope, cost and implement, but our consultants are here to help and at all times let you remain in control of your spend.

Implementation assistance

Our consultants can provide you with the tools you need to implement the standard at your own pace. We can also accelerate your program by working as a dedicated resource, managing implementation on your behalf. Our flexibility in approach allows us to work with organisations of differing size and need.

We can help with all stages of implementation including:

  • Identifying the context the organisation works within and its interested parties (Clause 4).
  • Determining the scope of the ISMS (Clause 4.3) – which sites, systems, services and people are covered, and what is explicitly excluded.
  • Undertaking and documenting your information security risk assessment (Clause 6.1.2).
  • Identifying and implementing suitable controls – we can help with the selection and implementation of controls that reduce the identified risks (policies, procedures, training and technical tools).
  • Creating the Statement of Applicability (Clause 6.1.3), which records which Annex A controls are applied, which are excluded, and why.
  • Internal auditing (Clause 9.2) – to confirm your ISMS is ready for external audit.
  • Policies and procedures – we can draw from a suite of policies and tailor them to the requirements of your organisation.

ISO27001 workshops and training

Our consultants can host workshops to assist management teams in determining what lies ahead for their business and whether this standard is right for them. We can also provide staff with ISO27001 / security training.

