
What is ISO 27001?

ISO/IEC 27001:2013 is the recognised international standard for Information Security Management. In today’s world of digital commerce, any business, large or small, should ensure that it has an information security procedure in place.

What are the requirements to obtain ISO 27001 certification?

There are several steps that an organisation will need to take to implement this information security management system. These steps include (but are not limited to):

  • Planning – Ask yourself what the standard will do for your business, how will it improve your current way of working? What are the objectives of implementing the standard? Treat this certification as its own project.
  • Documentation – Define a security management system roadmap that will help you ensure that this project is progressing correctly. Document requirements for risk assessment and treatment.
  • Education – Your business team members should all be on board and aware that this project is taking place; it is not just the IT department that needs to be involved.
  • Ownership – Document and communicate the roles and responsibilities for all involved in the system.
  • Control – To be fully compliant with ISO 27001, a company must list all the controls that are to be implemented as part of the management system. These controls are organised into domains focusing on areas such as: organisational issues, HR, information technology, physical security and legal issues.


How much does ISO 27001 cost?

In order to give an accurate quotation for the implementation of the Information Security Management System (ISMS), we need to ask you for a few details, as the cost depends on factors such as the size of the company, the area of business in which it operates and the complexity of the required ISMS scope.

Vassallo Associates will be happy to give you a good idea of the overall costs once we have a more detailed understanding of your business and its requirements.

Contact Us now to arrange a free, no-obligation consultation to discuss your information security requirements.

Please also read our own thoughts on the ISO 27001 certification cost.

What are the benefits of obtaining ISO 27001 certification?

The first benefit to mention here is peace of mind. In today’s digital age, we are all aware that online crime is on the increase. For any business, a breach of data such as client details or the company website being forced offline can be hugely damaging to both the business financials and reputation. Having an official system in place to mitigate such risks as much as possible means that the business can focus on its customers and services without having to worry unduly about data breaches.

Some of the many other benefits include:

  • Having a globally recognised certification demonstrates to clients and customers that you are serious about information security, in turn giving them more confidence to work with you.
  • An edge over your competitors: in an increasingly competitive marketplace, holding ISO 27001 certification can help you to stand out.

“Achieving ISO 27001 compliance allows you to differentiate yourself from your competitors and win new business” 

ISO 27001 2022 Updates

ISO 27001:2013 is likely to go through an update in 2022. In this new revision, the majority of the changes are to the Annex A controls, which are grouped into 4 control areas (including Physical and Technological), compared to the 14 areas in the current 2013 revision.

As the information age comes to dominate our lives more and more, the threat environment evolves, and emerging vulnerabilities and technologies mean that additional controls are required to address it. A number of additional controls are therefore likely to be introduced in the 2022 revision, including:

  • Information security for use of cloud services
  • Controls around threat intelligence
  • ICT readiness for business continuity
  • Physical security monitoring
  • Configuration management
  • Information deletion
  • Data masking
  • Data leakage prevention
  • Monitoring activities
  • Web filtering
  • Secure coding

Please note that until the final changes are confirmed, the above information is subject to change.

What are the specific services that Vassallo Associates can offer to an organisation wanting to start working towards obtaining ISO 27001 compliance?

We can help with the full management system preparation and implementation to ensure that you are able to pass the ISO 27001 certification with flying colours. We can advise on and support you with:

  • Consultancy services for the implementation of ISO 27001.
  • Internal and external audit support.
  • Managing the costs of implementing the standard.
  • Assistance with the domains and controls required for implementation.
  • Advice on the differences between certification bodies and how to choose a certification body suitable for your requirements.

For more details on the Information Security Management System, please visit the specific standard page on the ISO Website.