
Information is the lifeblood of any organisation and as such, it is absolutely crucial that this information is secured to the highest possible standard.

Remember, “It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.”

What is ISO 27001?

ISO/IEC 27001:2013 is the international Information Security Management standard for managing all forms of information security risk. ISO 27001 certification allows your company to provide a greater level of protection against internal and external threats, helping to ensure the compliance and confidentiality of all system data.

Why do I need ISO 27001?

Globalisation and the internet have created factors that put businesses at risk of cyber attacks. The ISO 27001 standard provides a set of requirements for a management system that secures your data and systems against such attacks, protecting your reputation and brand image in front of your customers. While many approaches to information security management exist, ISO/IEC 27001:2013 is one of the strictest and most comprehensive. This internationally recognised standard specifies the requirements for an information security management system (ISMS) based on objectives, processes and controls that are both effective and cost-efficient. Its implementation can significantly reduce your organisation’s risks.

Achieving ISO 27001 compliance allows you to differentiate yourself from your competitors and win new business.

What are the requirements to obtain ISO 27001 certification?

There are several steps that an organisation will need to take to implement this information security management system. These steps include (but are not limited to):

  • Planning – Ask yourself what the standard will do for your business, and how will it improve your current way of working. What are the objectives of implementing the standard? Treat this certification as its own project.
  • Documentation – Define a security management system roadmap that will help you ensure that this project is progressing correctly. Document requirements for risk assessment and treatment.
  • Education – Your business team members should all be on board and aware that this project is taking place; it is not just the IT department that needs to be involved.
  • Ownership – Document and communicate the roles and responsibilities of all involved in the system.
  • Control – To be fully compliant with ISO 27001, a company must list all the controls that are to be implemented as part of the management system. These controls are organised into domains focusing on areas such as organisational issues, HR, information technology, physical security and legal issues.

Download our free ISO 27001 certification guide


How much does ISO 27001 cost?

In order to give an accurate quotation for the implementation of the Information Security Management System (ISMS), we need to ask you for a few details, as the cost depends on factors such as the size of the company, the area of business in which it operates and the complexity of the required ISMS scope.

Vassallo Associates will be happy to give you a good idea of the overall costs once we have a more detailed understanding of your business and its requirements.

Contact Us now to arrange a free, no-obligation consultation to discuss your Information Security requirements.

Please also read our own thoughts on the ISO 27001 certification cost.

What are the benefits of obtaining ISO 27001 certification?

We’re confident that implementing ISO 27001 will help your organisation to:

  • Reduce risk of loss from cybercrime, data breaches and fraud
  • Simplify regulatory compliance reporting
  • Respond faster to emergency situations
  • Meet key goals for business performance and growth
  • Save money on audits and investigations
  • Improve customer confidence and brand reputation
  • Stand out from the competition and win new business

ISO 27001 2022 Updates

ISO 27001:2013 is expected to go through an update in 2022. In this new revision the majority of the changes are to the Annex A controls, which are regrouped into 4 control areas, compared to the 14 areas in the current 2013 revision:

  • Organisational
  • People
  • Physical
  • Technological

As the information age comes to dominate our lives more and more, the threat environment evolves, and emerging vulnerabilities and technologies mean that additional controls are required to address them. A number of additional controls are therefore likely to be introduced in the 2022 revision, including:

  • Information security for use of cloud services
  • Controls around threat intelligence
  • ICT readiness for business continuity
  • Physical security monitoring
  • Configuration management
  • Information deletion
  • Data masking
  • Data leakage prevention
  • Monitoring activities
  • Web filtering
  • Secure coding

Please note that until the final changes are confirmed, the above information is subject to change.

What are the specific services that Vassallo Associates can offer to an organisation wanting to start working towards obtaining ISO 27001 compliance?

We can help with the full management system preparation and implementation to ensure that you are able to pass the ISO 27001 certification with flying colours. We can advise on and support you with:

  • Consultancy services for the implementation of ISO 27001.
  • Internal and External Audit Support.
  • Managing the costs of implementing the standard.
  • Assistance with the domains and controls required for implementation.
  • Advice on the differences between certification bodies and how to choose a certification body suitable for your requirements.

Contact Us now to arrange a free, no-obligation consultation to discuss your information security requirements.

For more details on the Information Security Management System, please visit the specific standard page on the ISO Website.

Take Control Of Your Information Security Today

We operate out of offices based in London and Malta; however, we can also travel nationally and internationally to provide client support. We also offer remote audits and training for organisations if required.

Do not hesitate to contact us today for a no-obligation assessment of how we can help you.