As a busy, growing company, achieving ISO 27001:2013 is always challenging, but our team all worked really well together and demonstrated how well our implementation plan works.
ISO 27001:2013 is the international standard for information security. Certification by a UKAS accredited body such as BSI ensures that the highest standards are achieved and maintained. ISO 27001 provides an excellent framework to help organisations manage and protect their information assets so that they remain safe and secure. It requires you to continually review and refine how you do this, not only now, but also for the future. Importantly, value is added with ISO 27001 certification by inspiring trust, whilst protecting your business, your data and your reputation.
GDPR – ‘appropriate technical and organisational controls’ and unlocking markets.
One of the reasons many organisations are coming to us to help them with their implementation is that they want to use ISO 27001 to demonstrate they have appropriate technical and organisational controls in place to meet their GDPR requirements. An information security management system like this enables you to continually review the information you hold, the current risks and how these are being mitigated, and then check that those mitigations are effective.
Many third-party GDPR questionnaires align to ISO 27001, and many organisations are requiring their supply chain to have this in place. For some of our clients this has unlocked new markets, so the added value is evident.
Good project management and a robust plan are essential.
We have been helping South West-based clients to achieve ISO 27001 and have developed a robust implementation plan. This takes them through ten stages, ensuring they understand the requirements and how to embed them in their organisations as business as usual. Everything is managed by our internal project manager, Darren, who keeps everything (and everyone…he’s 6ft 7) on track to ensure we meet our deliverables on time.
It was important to us that all of our team were involved in the implementation, as it was an opportunity to develop our team skills by sharing knowledge and best practice. One challenge we faced was ensuring sufficient time and resource for the project. The deliverables were all booked in and assigned to each team member to meet our deadlines, which made sure our time was used effectively.
Book your date early…
There is a shortage of auditors for ISO 27001, so the key was to get this booked with BSI as early as possible; even so, we still had to wait nearly six months. The auditor spoke to our newest team members as part of the audit, and they were confident and knowledgeable, demonstrating that the knowledge sharing and training had been effective.
‘I am very proud of how our team worked together to achieve ISO 27001 certification. It was very important that we used a UKAS accredited body to achieve the highest standard possible, so that we knew our processes and procedures were robust and effective.’
Pete Woodward, CTO
ISO 27001 is part of how we work, and our first information risk assessment was a week later when we moved to larger offices at the Science Park Centre…business as usual.