New: Online ISO 27001 Academy
Covid-19 has accelerated our plans to launch our Online ISO 27001 Academy, which makes it easy and cost-effective for organisations with remote workers to implement an information security system that helps them align with – and achieve – ISO 27001:2013.
With the whole world on lockdown and many team members working remotely, we know business leaders are looking for innovative ways of sustaining their momentum and continuing to progress. This is why we’re launching the Academy now, so businesses can use this time to achieve something that will pay dividends when the world is back up and running – even if their people are working from home.
Why ISO 27001
We’ve seen first hand the doors ISO 27001 opens for SMEs. It’s a tool that lets them punch above their weight when it comes to winning new business like securing lucrative contracts and prestigious new clients.
For instance, when bidding for contracts, you may have encountered pages and pages of information security questions. These are effectively asking for all the controls that ISO 27001 implements. If this is becoming a running theme, achieving ISO 27001 may be a worthwhile investment for you; it will make life much easier because you can easily prove you meet the requirements.
It’s also worth noting that by achieving ISO 27001, you prove that you’ve taken practical steps to meet your regulatory obligations. You can use this to differentiate from your competitors in your marketing, and shout about the fact you take information security seriously.
Supply chain requirements
Sometimes, ISO 27001 may be a requirement that is retrospectively pushed on small businesses as part of supplier assurance schemes. It may not have been at the top of your list of priorities, but you might have to choose between achieving the standard, or losing a client.
It’s worth bearing in mind the other benefits of the standard, and remembering that having a small team may feel like a disadvantage, especially if everyone is already working at capacity, but it allows for a big-picture review of organisational processes and procedures, which can be improved and designed to scale with the business, reducing the need for an overhaul down the line. This would likely be far more costly in terms of time and resource.
Information security by design
This means considering information security as you grow, embedding it in your organisation as part of your operations, so that everyone from the top down is protecting both your – and your clients’ – valuable information from the start.
This approach is particularly advised if you know that ISO 27001 will be a requirement down the line. It makes sense to embed best practice in your business early on in your journey, even if you don’t require the accreditation quite yet.
Having ISO 27001 implemented and running for a period before you require accreditation is a really good approach that means you will have consistently reviewed and improved security practices, while recording valuable evidence for the accreditation.
Our ISO 27001 experience
Here at Securious, we have been helping businesses implement ISO 27001 for years. Our approach includes sharing knowledge and good practice, making sure the right documents are in place, ensuring evidence is captured effectively and helping this become part of normal business operations.
Having developed our tools and methodologies over time, we use our clients’ feedback on what works and what is difficult to help businesses overcome common struggles and implement ISO 27001 efficiently.
One of the biggest obstacles that most clients – particularly small businesses – face is implementing ISO in a cost-effective way, and that’s why the ISO 27001 Academy was born.
The ISO 27001 Academy
Traditionally, consultants have delivered ISO 27001 workshops to our clients’ internal management teams, guiding them through the implementation and making recommendations for being as efficient as possible.
But there are many key areas within ISO 27001 that come with similar questions, pitfalls and struggles for internal teams – particularly within smaller businesses. This presents an opportunity for a far more collaborative – and cost effective – approach: the ISO 27001 Academy.
How it works
The ISO 27001 Academy consists of six online workshops that give you an understanding of the Standard, its application and implementation, while helping you build an information security management system manual – the core document required for ISO 27001.
On joining the Academy, you’ll work with a community of like-minded businesses to implement ISO 27001, supporting each other, sharing ideas and holding each other to account.
We found while piloting the Academy that often someone would raise a question and the answer really helped someone else – but they may never have thought to ask themselves. It’s these subtle – but hugely beneficial – elements that make the ISO 27001 Academy such good value.
What are the benefits of the ISO 27001 Academy
- No loss of progress because of remote working – all models delivered online through webinar-style interaction
- Lower cost – less than half the normal investment required for ISO 27001 implementation
- Accountability – the group works towards the same objectives, which motivates members to stay on track
- Peer group – work with and learn from like-minded businesses to discuss and overcome challenges
We project manage the implementation for each company, providing members with the tools and documents that they need at the right time, along with actions to work on and outstanding documents to complete. We share all of this through a secure share with each company individually.
The most important thing for us that was fed back after our Pilot is that the Academy makes ISO 27001 fun to implement for members. This is really exciting – we are always trying to find cost effective ways for small businesses to be able to demonstrate that they take cyber security seriously through various types of compliance standards, but seeing how engaged everyone is on the ISO Academy is a real breakthrough.
Want to find out more?
If you have any questions or want to discuss how the ISO 27001 Academy could work for your business, get in touch today by using the contact form below. You can find more information on our dedicated ISO 27001 Academy page.