Historically, the implementation of a management system has been seen as something only large organisations can undertake, but this simply isn’t the case. Gaining certification against ISO27001 is only as difficult as you want to make it. It has been possible for a long time to scale the implementation of an information security management system (ISMS) to the requirements of an organisation, and the release of ISO/IEC 27001:2013 has just made things a whole lot easier.
Small-scale implementation after the release of ISO/IEC 27001:2013
With the release of ISO/IEC 27001:2013 it has never been easier for SMEs to start using the standard. To be more specific, the standard offers a flexible approach to ISMS implementation. The 2013 edition of the standard enables you to choose the method for developing and continually improving an ISMS (rather than mandating one approach), to utilise third-party sets or in-house developed information security controls, and to use a wide variety of methods for undertaking an information security risk assessment.
It is this flexibility at the heart of ISO/IEC 27001:2013 that makes this standard a lot more user-friendly, particularly for smaller organisations.
Learn more about the process of implementing the 2013 edition of ISO27001 by reading the books in the ISO/IEC 27001 Certification Bundle, a comprehensive set of books from BSI, the UK’s National Standards Body, on ISMS implementation and becoming certified against the standard.
Whilst there may not currently be a certification scheme for the 2013 edition of the standard, you can still get started on your ISO27001 project. If you are a small organisation then we recommend our FastTrack ISO27001 Consultancy Service.
Don’t be put off by what you have heard about management system standards, judge for yourself and find out how scalable and flexible they are!