BS ISO/IEC 27001
Information Security Management

Compelling benefits for a company acquiring ISO 27001

Improves image and credibility, opens doors to markets and customers

Contributes to GDPR compliance

Increases reliability of data security, develops a culture of protection within staff

Helps you control who has your data and how it is used.

Would you like to know more?

Find out what ISO can mean for your business and discover the 3 pathways that are available to get your company ready for an audit.

Face to Face Consultation

Remote Consultation

DIY With Tutorials and Training

ISO 27001 – What is it all about? 

ISO 27001 is relatively new in the world of ISO Standards, but is actually 10 years old. It can trace its roots back to BS 7799, which was published in the late 1990s. As cyber-security becomes more of a business and government issue, organisations are reviewing how they, and their suppliers, manage business-critical information which is electronically available, and potentially “hackable”.

This standard gives some basic components for an Information Security Management System, which, when properly implemented, can help to safeguard your critical information from unwelcome and disruptive outsiders.

This standard, BS ISO/IEC 27001, concerns itself with business IT risk, requiring those implementing it to document their information assets, assess the risks to them, and implement controls and risk reduction techniques where appropriate. Asset gathering and risk assessment can be tedious by nature, but usually (and helpfully) also lead to the discovery of unknown weaknesses. Many larger organisations have opted for reasonably expensive software for asset management and risk assessment, but a well-constructed spreadsheet can be made to work at much reduced cost.

Securing sensitive info (data)

Data security should be at the forefront of business concerns. Almost all businesses rely on information systems to operate, and this is a standard that helps you review and refine the way you keep your information secure.

Legal Obligations

Law firms are particularly interested in this standard: storing litigation data securely requires the highest industry standards.

Protection of company, assets and directors

How important and sensitive is your data to competitors? Cyber espionage is very much on the increase, and the leaking of client or developmental data can be costly.

ISO Consultant Colin says…

You don’t have to look far in the media to come across instances of data becoming compromised. In Europe, GDPR legislation has also linked very significant fines to the poor handling of data, making such problems very expensive. Most of these events are due to errors and oversights made by system administrators. A systematic and controlled Information Security Management System means the risks to the information and data you hold have been assessed and suitable controls put in place.

Why would my business want approval against this standard?

This standard is now regularly addressed in tenders, particularly where the handling of critical information includes significant electronic communication, such as by email, local or wide area networks or by internet.

Certification against ISO 27001 can bring significant market advantage, illustrating that not only do you take the security of your information seriously, but also that you’ve asked a third-party specialist to verify that the measures taken are fully effective.

The application of the controls required by ISO 27001 should not only raise confidence in your security processes, but will also assure potential customers who may consider trusting you with some of their valuable and/or commercially-sensitive

How long would it take to become approved?

That depends on the activities of your organisation, and the security measures you have already taken.

However, we can typically produce an Information Security Management System designed around your business, audit its implementation to ISO 27001 and get it through a UKAS-approved certification in around 10-12 working days. We have found that implementation is usually most successful when completed over a 2-6 month period, depending on the security structures already in place.

What do I need to do?

Simply identify the areas of the organisation where significant risk to the security of information exists. Then develop and implement appropriate controls to reduce the risk.

Annex A of ISO 27001 offers a number of measures to control information security. The suitability of these controls for your business needs to be determined. Hence, where risk is significant, controls need to be developed.

The effectiveness of the controls must then be assessed through internal audits, and by assessing security performance against measurable objectives. A process for reporting security breaches (and potential breaches) also needs to be set up.

What is this likely to cost?

Our fees are based on a day rate. The number of days is based on the activities of your business but, for ISO 27001, is typically 10-12 days for a small business. Certification by a UKAS (i.e. UK Government approved) body typically costs £5-6000 for a three-year certificate.

For more details and assistance in gaining the necessary certifications contact ISO Consultants.

We currently offer the following routes in pursuing this set of ISO Standards

At this time we have three options available for clients pursuing this set of standards and the implementation of controls.

Face to Face


Do it yourself
