Insights | Integrity360

Becoming Certified to ISO 27001

Written by Ciarán Johnson, Head of CISO Services | 09 November 2015 00:00:00 Z

Becoming certified to ISO 27001

Established by the International Organisation for Standardisation, ISO 27001 is the most widely accepted security standard in the world for information security management systems (ISMS). Companies that achieve this certification demonstrate that they have the technology, infrastructure, internal processes and employee awareness to comply with these strict standards of how information is protected.

Why become certified? 

We have seen a significant increase in a desire to become certified, both in our current customer base and in potential clients. And their motivations vary. Some see it as a confirmation of the work they are doing, others to be compliant with regulatory requirements in territories they wish to operate in, while a significant number are being asked by their partners and potential customers if they are certified. Becoming certified provides an opportunity for improved business performance. Thankfully all see it as the opportunity to enhance their security posture.

ISO 27001:2013 can be the foundation of your information security posture. It can enhance the trust your customers and partners have in your ability to secure their sensitive data and information and in turn offer them peace of mind working with you.

Certification to ISO 27001:2013 highlights your ability to integrate your risk management practices with your security expertise across all your business. After all security is not exclusively an IT responsibility – it is everyone’s. Quite a number of security incidents are caused by people – be it human error or malicious intent. An ISO 27001:2013 certified ISMS provides clear guidance on how your people should behave when handling information. Using this clarity alongside your security technologies and processes can undoubtedly help you reduce the risk of security incidents, improved your recoverability capabilities and enriched your service availability. 

Becoming certified - what’s involved? 

The effort that goes in to achieving certification is not trivial, however, once you move on from the transition phase the effort to sustain and ensure the stability of the ISMS is reduced to a very manageable level. Support from senior management, and all your employees is critical to a successful implementation and ultimate achievement of ISO 27001:2013 certification. ISO 27001:2013 needs to become part of your day-to-day activities.

ISO 27001:2013 is not a standard that imposes itself on an organisation, it is not a standard that inflicts onerous tasks. We work with organisations to ensure that their ISMS is established to fit their business, large or small, local or international, while using a practical approach we ensure it is fully compliant with all the requirements of the standard. ISO 27001:2013 provides the framework within which organisations can build the security of their data and information on. The standard helps senior management address the security risk challenges their organisation face on a daily basis. Senior management should not be intimidated by the thought of the 14 security areas (Up 3 from the previous version) or the 114 controls (Down 19 from previous version) and the work load it may bring. And while each implementation of a certified ISMS is different our proven approach can assist any organisation become ISO 27001:2013 certified.

If you would like more information on becoming certified to ISO 27001 please email info@integrity360.com.