Nick Orchiston, senior consultant at IT Governance, has helped a wide variety of organisations, from SMEs to global corporations, achieve ISO 27001 accredited certification.
In his years of experience, he has identified the major areas of the implementation process that need special attention:
“For ISO 27001, there are two really big chunks of work – the risk assessment, and documenting the processes and controls.”
These two areas are often the greatest pitfalls in achieving ISO 27001 certification and a common reason nonconformities are raised.
Greatest pitfalls in ISO 27001 certification
The risk assessment and documentation are troublesome because they involve a lot of work, with plenty of room for error. Organisations may be managing potentially hundreds of documents at any one time, so even the most experienced implementers can find their work plagued with errors and inconsistencies.
“Having tools for these aspects can be very beneficial and give someone implementing any management system a ‘key’ to unlock the door.”
Reducing errors and saving you time and money
Using pre-written templates and risk assessment software can significantly reduce errors, save you time and money, and act as guidance for achieving ISO 27001 certification.
The No 3 Comprehensive ISO 27001 ISMS Toolkit comprises pre-written, fully compliant and customisable templates for creating the ISMS documentation, as well as vsRisk, the leading risk assessment software, to speed up and simplify your risk assessments. These two tools integrate with each other and minimise errors in your work, saving you considerable time, and streamlining your approach to certification.
The toolkit also contains the official ISO 27000 standards, implementation manuals and tools, and comes with 12 months’ support to get your cyber security project off the ground and running.