ISO 27001 Information Security Management is the standard created by the International Organisation for Standardisation (ISO) that deals specifically with effective management of information security risks. For larger businesses, if there is a certification that should be on the ‘must-do’ list, it is ISO 27001.

Do larger organisations have to work with an independent consultant?

If resources are tight and you have an information security expert on staff who also has an in-depth knowledge of the ISO certification system, then no, you don’t need an independent consultant.

That said, working with an independent consultancy that has an in-depth knowledge of ISO 27001 will be beneficial. As well as being a ‘fresh pair of eyes’, they bring objectivity to the table and can drive the project forward to a successful conclusion, which is exactly what any business needs.

How long does ISO 27001 certification take?

… and could working with an independent consultancy speed it up? ISO 27001 certification takes between three and six months to complete. The more sites you have and the larger your organisation, the longer it will probably take.

That said, many of the components of ISO 27001 are already present in your business. Any changes that are needed as part of implementing the standard will become second nature in no time.

An independent consultant can only go as fast as a company responds. Corners cannot be cut, but with a consultant driving the project, it remains independent in many ways of the day-to-day minutiae of running a larger business.

Why is working with an independent consultant beneficial?

There are two audits involved in the process of ISO 27001 certification.

  • Stage 1 Audit – this is where your existing systems are reviewed. We produce a report with our findings, including a list of actions required to meet the standard. Some organisations feel underprepared for this audit, and yet it proves to be invaluable for forming an action plan for taking the next steps to certification.
  • Stage 2 Audit – with action taken and changes made, it may be that you are now compliant with ISO 27001 and all its component parts. If you are, your consultant can recommend you for certification, complete with their audit report.

Spotting the smaller details

Auditing and reviewing your company in relation to ISO 27001 is essential. It is a process of assessing strengths and weaknesses, interpreting ISO 27001 and establishing how your company currently fits within its framework.

If you have not come across ISO 27001 before, or any other ISO, you face something that is unknown. Wouldn’t it make sense to work with a consultancy who know the standard inside and out?

Spotting the smaller details is important, as they become hurdles when it comes to successful certification. Likewise, ISO 27001 requires ongoing certification, with a mandatory surveillance audit each year.

Not completing the process in depth could mean several attempts at certification, by which time the enthusiasm has ebbed away. That could mean missing out on all the benefits ISO 27001 will bring your organisation.

How can we help you?

If you’re in need of assistance with ISO 27001 or any other aspect of ISO certification, here at Synergos we’d be delighted to help. Whether you have questions about the path to certification or are looking for advice and support to maintain an existing standard, call 01484 666160 or email info@synergosconsultancy.co.uk and we’ll be happy to talk it over with you.