BS ISO/IEC 27001
Information Security Management

Compelling benefits for a company acquiring ISO 27001

Improves image and credibility, opens doors to markets and customers

Contributes to GDPR compliance

Increases reliability of data security, develops a culture of protection within staff

Helps you control who has and how, your data is used.
Would you like to know more?
Find out what ISO can mean for your business and discover the 3 pathways that are available to get your company ready for an audit.

ISO 27001 – What is it all about?
This standard gives some basic components for an Information Security Management System, which, when properly implemented, can help to safeguard your critical information from unwelcome and disruptive outsiders.

Securing sensitive info (data)

Legal Obligations

Protection of company, assets and directors
ISO Consultant Colin says…


Why would my business want approval against this standard ?
Certification against ISO 27001 can bring significant market advantage, illustrating that not only do you take the security of your information seriously, but also that you’ve asked a third party specialist to verify that the measures taken are fully effective.
The application of the controls required by ISO 27001 should not only raise confidence in your security processes, but will also assure potential customers who may consider trusting you with some of their valuable and/or commercially-sensitive

How long would it take to become approved ?
That depends on the activities of your organisation, and the security measures you have already taken.
However, we can typically produce an Information Security Management System designed around your business, audit its implementation to ISO 27001 and get it through a UKAS-approved certification in around 10-12 working days. We have found that implementation is usually most successful when completed over a 2-6 month period, depending on the security structures already in place.

What must I need to do ?
Simply identify the areas of the organisation where significant risk to the security of information exists. Then develop and implement appropriate controls to reduce the risk.
Annex A of ISO 27001 offers a number of measures to control information security. The suitability of these controls for your business needs to be determined. Hence, where risk is significant, controls need to be developed.
The effectiveness of the controls must then be assessed through internal audits, and by assessing security performance against measurable objectives. A process for reporting security breaches (and potential breaches) also needs to be set up.

What is this likely to cost ?
Our fees are based on a day rate. The number of days are based on the activities of your business, but for ISO 27001, are typically 10-12 days for a small business. Certification by a UKAS ( i.e. UK Government approved body) typically costs £ 5-6000 for a three year certificate.
For more details and assistance in gaining the necessary certifications contact ISO Consultants.