How to get accredited under ISO 27001 – and keep it

How to get accredited under ISO 27001 - and keep it

How to get accredited under ISO 27001 – and keep it

ISO 27001 is the standard accreditation for information security management systems. If you want to work with enterprise, finance, utilities etc. customers it’s something you need to have.

Basically, having an ISO 27001 accreditation means your standards of information security management have been independently validated. Think of it as a short-cut to proving your business is air-tight with data – one that will come in extremely handy when you pitch for new business.

  1. Here’s all you need to know about ISO 27001.

Keeping data and information confidential

If data and business information is confidential, then, as such, it’s safe.

The ability to access, store or delete information must be available to those who are authorised and removed when it is no longer required. This may include the management of any asset which is used to access this information (like a CRM tool). Businesses need to have policies and processes in place to ensure that they keep on top of this – and they need to be written down for when the ISO auditors come (but more on that later).

  1. After certification

Once a business receives a certification, the journey then continues towards re-certification. On-going maintenance and the management of the information management system is the key here.

It’s important to raise awareness of ISO27001 through training within the rest of your business to make sure it’s taken seriously. It’s a good idea to remind your team of why you’re going through this certification and why it’s important.

Any security related incidents (like someone losing a laptop) must be logged and dealt with accordingly.

  1. Regular Audits

There may be many recurring audits from your business customers, internal independent audits or the certification bodies to review the deployment of your information security system.

From the point of certification onwards, there are usually number of non-compliance items that need attention. Managing these open items to completion will ensure that your ISO 27001 certification remains on track.

  1. Winning new business

Showing your ISO27001 certification to new business customers will give them peace of mind. In some verticals, ISO certification is mandatory as part of the buying process and any security questionnaires which may follow.

This is about demonstrating and assessing that your business has the adequate controls in place before they enter into a contract.

If you need help with getting your ISO27001 system on track, going for re-certification or moving it forward we are here to help. Contact us for a chat at