Is it time small businesses considered ISO 27001?

While combating cyber threats is a challenge for all organisations, small businesses can find the experience particularly daunting and stressful. Small business owners are usually preoccupied with other tasks and responsibilities, and information security is hardly on their agenda.

With research showing that 74% of small businesses fell victims to a data breach in 2014 (according to PwC’s 2015 ISBS Survey), there’s clearly pressure on them to boost their security defences.

In addition, clients are increasingly demanding evidence from their supply chain that information security best practice has been implemented. This puts a new perspective on cyber security. Being able to demonstrate that you are cyber secure is no longer just about protecting against cyber attacks; it has become a key differentiator in winning new business and earning stakeholders’ trust.

What is ISO 27001?

ISO 27001 is a technology-neutral and vendor-agnostic international standard that sets out the specification of an information security management system (ISMS). It is applicable to organisations of all types and sizes, and provides a risk-based approach to security specific to the organisation that implements and maintains it.

The ISBS revealed that ISO 27001 remains something that businesses value, particularly in trying to gain assurance over their supply chain. 40% of organisations ensure that a provider has ISO 27001 certification when contracting for services. The growing role of ISO 27001 certification in customer assurance is also reflected in the Global ISO 27001 Report, which found that 68% of organisations have been asked by clients about their ISO 27001 status in the past year.

Based on these trends, small businesses would be wise to consider implementing and certifying to ISO 27001 to win new contracts and achieve business growth, while being protected from cyber threats.

Benefits of ISO 27001 certification

Similarly to large organisations, small businesses can benefit significantly from certifying to ISO 27001. They can use it to:

  • Prove they are taking cyber security threats seriously.
  • Demonstrate credibility when tendering for contracts.
  • Remove the need to complete detailed security questionnaires and respond to auditors for each new client.
  • Gain a marketing edge against their competitors.
  • Expand into global markets.

ISO 27001 certification is affordable

Bringing in external experts to prepare them for ISO 27001 certification is a sensible decision for small businesses that don’t have sufficient internal resources. But it doesn’t need to cost the earth.

Workforce Metrics, a small company, achieved ISO 27001 certification in only three months for under £5,000 by using IT Governance’s ISO 27001 FastTrack™ consultancy service.

Read Workforce Metrics’ case study here:

Abel Ureta-Vidal, COO at Eagle, a technology company that also used the ISO 27001 FastTrack™ consultancy, said:

“The FastTrack™ ISO27001 Consultancy Service made certification so easy for us; the package was low-cost, high-speed and resulted in minimal disruption during implementation.

“I would recommend to any firm of our size to outsource their ISO27001 project to IT Governance in this way. They guided us from inception to completion toward successful certification, using an implementation approach and methodology which has proved to be realistic and straightforward.”

Read Eagle’s case study here:

The ISO 27001 FastTrack™ consultancy is designed for the smaller business and offers complete ISO 27001 certification readiness in just three months for one-off, fixed price. It covers the risk assessment, development of ISMS documentation, staff security awareness training, management review meeting, internal audit, support during the registration audit and selection of an accredited registrar – all of which are delivered online.

We are so confident in our approach that we offer our clients a 100% certification guarantee.

Contact us today for more information on +44 (0)20 3633 2144.