FAQ
Your Questions Answered
ISO 27001 Certification
Any organisation that handles sensitive information – such as personal or financial data – needs ISO 27001. It’s important for such entities because it provides a detailed framework for managing and mitigating security breaches.
There are four main groups of requirements needed to achieve ISO 27001 certification:
- Management and senior leader responsibility.
- Management of resources such as staff, equipment, facilities, and business infrastructure.
- Management of physical and digital information security assets.
- The ability to assess the efficacy of your management system, and what you can do to improve upon it.
While it’s not a requirement, it is highly recommended for any business storing sensitive data of any type. Plus, many organisations, partners, and regulatory bodies will have it as a requirement.
This could be as soon as 45 days after your initial visit, but the time it takes varies depending on the size and complexity of the organisation.
The initial certificate lasts for one year. Thereafter, you’ll be issued with a 3-year certification. To stay certified during this period, all organisations are required to pass one audit per year.
Yes! Not only is it a commercial requirement for certain businesses, but third parties may not do business with you if you’re not certified. Plus, it’s great for your business in general, demonstrating to your clients that you take information security seriously.
The cost of certification depends on your organisation. Things like size, scope, services, and your current information security state all have an impact. One thing that is for sure: certification is much cheaper than any fines incurred for a significant data breach. Plus, you can’t put a figure on the reputational damage that such a breach would cause.
Risk Assessment
Our risk assessment process evaluates your organization's policies, procedures, and technical controls to determine your readiness for ISO 27001 certification. Using our findings, we give you a detailed report that identifies any areas of non-compliance and offer practical recommendations to address them.
Embarking on the path towards ISO 27001 certification can be daunting, but a gap analysis is an essential first step in this journey. Our expert team identify what steps you need to take, and which resources will be required to achieve certification. Even if you've already conducted a gap analysis or have made progress towards certification, we can review your status and help ensure that you're on track to successfully achieve your ISO 27001 certification.
Initially we will require an asset list. Thereafter, anything else will be discussed during your one-to-one call.
Once we have carried out your risk assessment, we’ll provide a realistic estimate for the whole certification process.
Audit Services
There is no legal requirement as to how often an organisation should have an audit. The frequency will depend on several factors such as the size of your organisation, the complexity of your IT environment, and the level of risk associated with your business operations. A good rule of thumb is every 12 months, but some organisations may require more frequent audits.
Typically, the reports must be available to the management and board of the company, who are then able to address any issues uncovered during the audit. External auditors may also ask for these reports to verify your processes after an external audit has been carried out.
An audit can help your business identify potential security risks and improve your information security management system (ISMS). If your organisation handles sensitive information or operates in an industry with regulatory requirements, an audit may be necessary to ensure compliance and reduce the risk of data breaches. Furthermore, it tells your partners and clients that you take information security seriously, which can in turn boost your public profile.
We offer a range of professional services and ISO 27001 certification-related services. Please visit each respective page to learn more.
An ISO audit is a process of evaluating an organization's compliance with the requirements of an ISO (International Organisation for Standardisation) standard. It involves an independent review of the organisation's management system to ensure it meets the requirements of the standard.
An ISO surveillance audit is a periodic review of an organisation's infrastructure by an accredited third-party certification body to ensure continued compliance with the requirements of the ISO standard. It is conducted after the initial certification audit and before the next recertification audit.
There are three types of ISO audits: internal audits (first-party audits), supplier audits (second-party audits), and certification audits (third-party audits).
- Internal (first-party) audits are conducted by the organization itself to assess its own management system.
- Supplier (second-party) audits are conducted by a customer or a supplier to assess the management system of their supplier or customer.
- Certification (third-party) audits are conducted by an accredited certification body to provide independent assurance that an organisation's management system meets the requirements of the relevant ISO standard.
IT Services
ISO 27001 is an internationally recognised standard for information and data security management. It gives organisations a framework for managing risks, protecting data, and maintaining IT system integrity. Although not a legal requirement, it’s important for IT companies as it helps to establish a robust set of security protocols and shore up data security.
Key challenges include properly allocating existing and new resources, re-aligning existing processes, carrying out risk assessments, and staying compliant within an ever-evolving space. Luckily, with our help, you’ll easily overcome these challenges.
The short answer? By implementing ISO 27001 best practices.
There are plenty of things IT services can do, including Cybersecurity Maturity Assessment (CSMA), Managed Detection and Response (MDR), risk assessment, and ongoing security testing. Fortunately, we offer all these services, and then some.
ISO 27001 offers a clear and easy-to-follow framework to help organisations align with internationally recognised best practices and industry standards.
It could be as soon as 45 days after our first visit. However, the length of time will depend on the size and complexity of the organisation, as well as its existing security posture.
Yes! By adhering to the internationally recognised standards of ISO 27001, you’ll be telling potential clients that you take data and information security seriously.
The price varies, depending on factors such as company size, scope, services, and your current security posture. However, achieving certification and shoring up your security is much less costly than a significant data breach. And that’s without mentioning the reputational damage incurred by such a breach.
Financial Services
ISO 27001 is an international standard for information security management. It provides a framework for systematically managing risks and protecting sensitive information. It’s important for financial services by ensuring the confidentiality, integrity, and availability of their data, as well as demonstrating compliance and building trust with clients.
Key challenges include protecting sensitive financial data, mitigating cyber threats and fraud risks, ensuring regulatory compliance, and establishing robust information security controls across complex systems and processes. Plus, the international nature of financial services further complicates such challenges.
By implementing robust information security controls, encryption mechanisms, access restrictions, data classification, and secure data storage. Regular employee training and awareness programs are also crucial in promoting a culture of data security.
Services such as Cybersecurity Maturity Assessment (CSMA), Managed Detection and Response (MDR), risk assessment, and ongoing security testing can all help financial services protect themselves. Fortunately, you can get all these services with ISO 27001 Certified.
With ISO 27001, financial institutions have a clear step-by-step framework towards achieving regulatory compliance to an internationally recognised standard.
After our first visit, this could be as soon as 45 days. However, how long this takes depends on the size and complexity of the organisation, and its existing security systems will also play a role. Rest assured that we’ll ensure the process is as quick as possible with minimum disruption to your daily operations.
It certainly can. ISO 27001 is an internationally recognised standard. Any potential client will see this and recognise that you take data and information security seriously, setting you apart from the competition.
The price depends on several factors, including company size, services, and the state of your existing security systems. However, it’s worth noting that getting certified and tightening your security processes will be much less costly than any potential data breach.
Healthcare
ISO 27001 is an international standard for information security. It’s important within the healthcare industry as it helps organisations protect patient data and ensure regulatory compliance.
Key challenges in implementing ISO 27001 for healthcare include securing patient information, managing complex data systems, and complying with healthcare regulations.
By implementing robust information security controls, encryption mechanisms, access restrictions, data classification, and secure data storage. Regular employee training and awareness programs are also crucial in promoting a culture of data security.
Implementing strict access controls and encryption for research data, conducting regular security assessments, and establishing robust data governance and intellectual property protection mechanisms.
With ISO 27001, healthcare organisations have a clear step-by-step framework towards achieving regulatory compliance to an internationally recognised standard.
After our first visit, this could be as soon as 45 days. However, how long this takes depends on the size and complexity of the organisation, and its existing security systems will also play a role. Please rest assured that we’ll ensure the process is as quick as possible with minimum disruption to your daily operations.
It certainly can. ISO 27001 is an internationally recognised standard. Any potential client will see this and recognise that you take data and information security seriously, setting you apart from the competition.
The cost of implementing ISO 27001 for the healthcare industry varies depending on the size and complexity of the organisation. However, it’s important to note that the cost of implementing ISO 27001 is much less than the cost of a data breach.
Government
ISO 27001 is an international standard for information security management. It’s crucial for government organizations as it helps them establish and maintain robust security practices to protect sensitive data and ensure confidentiality, integrity, and availability of information.
Complex bureaucracy, budget constraints, inter-departmental cooperation, and ensuring compliance with specific government regulations and policies may all affect government implementation of ISO 27001 certification.
By implementing strong access controls, encryption mechanisms, regular risk assessment, security awareness training for employees, and establishing robust data governance policies.
They can adopt solutions such as implementing advanced security controls, regular vulnerability assessments and pen testing, establishing incident response plans, and investing in threat intelligence and monitoring systems to detect and mitigate cyber threats effectively.
With ISO 27001, government organisations have a clear step-by-step framework towards achieving regulatory compliance to an internationally recognised standard. This also gives their employees a concrete protocol to follow in the event of data breaches.
After our first visit, this could be as soon as 45 days. However, how long this takes depends on the size and complexity of the organisation, and its existing security systems will also play a role. Rest assured that we’ll ensure the process is as quick as possible with minimum disruption to your daily operations.
ISO 27001 is an internationally recognised standard. Adhering to it demonstrates to both citizens and other government agencies that you take information security very seriously.
The cost of implementing ISO 27001 varies depending on the size and complexity of a particular agency. However, it’s important to note that the cost of implementing ISO 27001 is much less than the cost of a data breach.