ISO 27001:2013 FAQ
ISO/IEC 27001:2013 (ISO 27001) is the international standard that describes best practice for an ISMS (information security management system). Accredited certification to ISO 27001 demonstrates that an organisation is following information security best practices.
ISO 27001:2013 replaces ISO 27001:2005, providing a robust approach to measuring and evaluating how well an organisation’s ISMS is performing.
If your organisation is looking to achieve ISO 27001 certification, this FAQ may help you:
Where can I get a copy of ISO 27001:2013?
You can purchase your own copies of the standards from IT Governance.
What are the benefits of ISO 27001:2013 certification?
Implementing an ISMS and gaining accredited certification to ISO 27001 enables you to:
- Comply with business, legal, contractual and regulatory requirements.
- Adopt a risk-based approach that informs senior-level decision-making.
- Win new business opportunities/retain your existing customer base.
- Differentiate your organisation in the market by being standards-compliant.
- Avoid large financial losses – both regulatory fines and contractual penalties.
- Remove the need to complete detailed security questionnaires.
- Safeguard your/your clients’ valuable intellectual property rights.
- Build trust and confidence that encourages your business partners and customers to entrust confidential data with your company (i.e. beyond self-declaration).
- Motivate leaders to maintain focus and impetus on management systems.
- Support a continual process of improvement throughout the organisation.
- Reduce/remove the need for second-party audits and their associated overheads.
What can IT Governance do to help us gain ISO 27001:2013 certification as quickly as possible?
IT Governance is able to provide the resources, support, guidance and advice you need in order to prepare for ISO 27001:2013 certification. Your organisation will then be in a position to be independently assessed by a recognised certification body (e.g. BSI, DNV, NQA, Alcumus ISOQAR, Certification International, Bureau Veritas).
With project support provided by our expert consultants, you can implement ISO 27001:2013 in less time, and for much less money than it would cost to go it alone. We can show you how to minimise the workload without sacrificing operational effectiveness.
What’s more, we don’t attempt to do the job for you as some consultancy practices aim to; we transfer the knowledge that you need at each and every stage in adoption.
Furthermore, you can hire us for either the whole job or any part of the process. For example, we can help you to:
- Carry out a health check – see our ISO 27001:2013 Health Check service page.
- Define a strategy for achieving ISO 27001 certification.
- Perform a detailed risk assessment.
- Develop ISMS documentation (high-level and/or low-level, as required).
- Roll out an ISMS and associated controls.
- Determine training and awareness needs.
- Prepare for internal, stage 1 and stage 2 (certification) audits.
- Achieve accredited certification.
- Maintain your ISMS (surveillance cycle).
What makes IT Governance different and why should we use your services to implement ISO 27001:2013?
Hundreds of organisations have used IT Governance’s expert consultants to achieve ISO 27001 certification, and many board managers and project leaders praise our expert approach and services. Hundreds more have sought our advice and support when introducing ISO 27001. Our cost-effective service offers you:
- A free initial assessment and/or low-cost health check so that you can assess where you are (after all, you may already meet many of the requirements) and identify how you can progress with us to success.
- Transparent pricing that enables you to control the cost of achieving certification.
- Transfer of knowledge and skills to you and your people so that you can continue meeting compliance targets after the initial implementation period ends.
- Documented information about your training programmes and the relevant skill levels/qualifications attained by members of staff and contractors, providing evidence of competence on the basis of appropriate education, training, or experience. (ISO 27001:2013 Clause 7.2: Competence.)
- Comprehensive and integrated ISO 27001 resources including experienced consultants, risk management expertise, technical information security expertise, trainers and training courses, books and tools, recruitment, and support.
- The means to link your ISO 27001 information security framework with your COBIT®, ISO 20000, ITIL®, PCI DSS and other management frameworks, as well as with your other information regulatory compliance obligations.
- A simple, no-quibble, 100% guarantee of successful certification, which removes all worry!
- An implementation approach and methodology that is pragmatic, proven and straightforward – we wrote the book on how to do it.
- In-house training and public training courses led by our international experts to help you make rapid progress and develop the skills to run your ISMS.
- An ISMS (information security management system) that is tailored to suit your requirements, is cost-effective to operate, and meets ISO 27001's requirements.
How IT Governance can help
IT Governance consultants can advise you on your ISO 27001 project and what to do to prepare for certification audits.
We can help you find the best way to address your ISMS project, whether you are an experienced ISO 27001 project manager or just starting the scoping process for your first ISMS.
From fixed-price packaged solutions to bespoke consultancy offerings, IT Governance offers a unique range of products and services tailored to your needs.
Email us or telephone 0845 070 1750 today to speak to one of our consultancy team.