ISO 27001 Certification Guide: What You Need to Know

What is ISO 27001 certification?

Increasing scrutiny of how organisations protect the information they hold, including personal data, has driven rapid growth in certification to ISO 27001, especially in the UK.

ISO 27001 is the international standard that specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). An organisation’s ISMS can be audited by an independent, accredited CB (certification body) to assess whether it conforms to the standard’s requirements.

Purchase your copy of the standard today

Get ISO 27001 certified with IT Governance

IT Governance are the leader in ISO 27001 implementations. We’ve helped more than 800 organisations achieve compliance with the standard since our management team led the world’s first ISO 27001 certification project. Contact us now for advice or a quote.


How long does ISO 27001 certification last?

Once achieved, certification is valid for three years. The ISMS must be operated and maintained throughout that period: the CB’s auditors will conduct surveillance audits, usually once a year, to confirm that the ISMS still conforms, and a full recertification audit is required before the certificate expires.

Advantages of ISO 27001 certification

Many organisations use ISO 27001 as a framework for information security good practice without seeking certification, or postpone certification until later. There are, however, numerous benefits to achieving certification, and many organisations pursue it because their clients or contracts require it.

Free PDF download: Information Security & ISO 27001: An introduction

Explore the benefits of achieving ISO 27001 certification

Learn more about the benefits of ISO 27001 certification in our free green paper: Information Security & ISO 27001: An introduction


How to get ISO 27001 certification

Organisations that have identified that they need ISO 27001 certification often come to us for advice about what to do first. Depending on your budget, timeframe and resource availability, there are several options.

We’ve outlined the basic recommended routes in a helpful PDF guide.


The ISO 27001 certification process

Once you are ready for certification, you will need to engage an independent, accredited CB. Accredited CBs have been assessed by the relevant national accreditation body (UKAS in the UK) for their competence, impartiality and performance capability. Check that a CB’s accreditation actually covers ISO 27001 before you engage it: a certificate issued by an unaccredited body carries far less weight with clients and regulators.

The ISO 27001 certification audit consists of two stages, both conducted by a qualified auditor from the CB.

Stage 1

The auditor will review your ISMS documentation, typically including the ISMS scope, the information security policy, the risk assessment and risk treatment plan, and the Statement of Applicability, to check that the ISMS has been designed in accordance with the Standard and that you are ready for Stage 2. You will be expected to present evidence of all critical aspects of the ISMS, but how much depends on the CB’s requirements.

Stage 2

If you pass Stage 1, the auditor will conduct a more thorough assessment of how the ISMS operates in practice. This involves reviewing your policies and procedures in greater depth, examining records such as internal audit results and management review minutes, and carrying out an on-site investigation to confirm that the controls you selected in your Statement of Applicability are implemented and effective. The auditor will also interview key staff members to verify that activities are carried out in accordance with your documented ISMS and the requirements of ISO 27001. Any major nonconformities must be corrected before a certificate is issued.

Considering implementing ISO 27001? Download your free project checklist.

How much does ISO 27001 certification cost?

The cost of ISO 27001 certification usually depends on the size and complexity of the organisation, in particular the number of employees and sites within the scope of the ISMS. Certification for an organisation with up to 500 employees could cost in the region of £10,500.

Our ISO 27001 Global Report provides further information on what organisations usually pay and whether they think ISO 27001 certification is worth it.

Can you get certified to ISO 27001 with IT Governance?

IT Governance is not a CB. Instead, we specialise in helping organisations like yours prepare fully for certification, through any combination of training, consultancy, tools, books and advice, so that you are ready by the time you engage a CB.

We support the principle of independent, accredited certification, which means that we do not audit our own work. For the same reason, the accreditation rules for CBs (ISO/IEC 17021-1) prohibit them from providing consultancy on an ISMS that they then certify, so a CB cannot advise you on your implementation and audit it as well.

Through our years of experience assisting more than 600 organisations with ISO 27001 implementation and certification projects, we know precisely what CBs expect. As a result, we can offer you unrivalled expertise.

Download our consultancy brochure to find out more information

Ready to simplify your security? Let’s get started

Having led the world’s first ISO 27001 certification project, we are the global pioneer of the Standard. Let us share our expertise and support you on your journey to ISO 27001 compliance.

Why choose IT Governance?

  • Our implementation methodology has been honed over more than 15 years.
  • We are the global authority on ISO 27001 – our management team led the world’s first certification project against ISO 27001’s predecessor, BS 7799-2.
  • We offer everything you need to implement an ISO 27001-compliant ISMS – you don’t need to go anywhere else.
  • We guarantee certification (provided you follow our advice!).
  • We have trained over 7,000 professionals on ISO 27001 implementations and audits worldwide. We’ve also helped more than 800 clients achieve certification to and compliance with ISO 27001.
  • Our technical expertise, combined with our management system standards track record, puts us in a different class from other consultancy providers.
  • Our pricing and proposals are transparent so that you won’t get any surprises.
  • We can help small organisations prepare for ISO 27001 certification in just three months.