ISO 27001 Certification
Summary
Welcome to our area devoted to the ISO 27001 Information Security Management System standard. This page provides an overview of ISO 27001 with separate sections covering its history, what certification costs and the benefits.
ISO 27001 is for all organisations large or small and covers
all sectors, including charities and the voluntary sector.
It will help you to be more structured and organised but
doesn’t require
bureaucracy. The standard applies to organisations who wish
to assess their information security risks and implement
ways of addressing them. Most organisations want ISO 27001
certification to qualify for a tender or to achieve
preferred supplier status. As with other ISO management
standards, by introducing better management processes
re-work can be avoided, resulting in cost saving benefits.
We have over 40 years experience in the assessment industry and our customers benefit from our Fixed Fee Guarantee; you are guaranteed certification within the agreed budget no matter how many audits are required. In addition, we make all of our customers a Price Match Promise; if you can find a cheaper like-for-like quote within 14-days, we’ll match it and give you a 10% discount from your next audit.
Once underway, your Assessor will undertake a gap-analysis (known as a Stage 1 Audit) and you will receive a report outlining any non-conformities that are identified. Where appropriate, we can also provide you with good-practice examples and guides, as well as training in the standard.
Get a Quote
To receive your fixed price ISO 27001 quotation, please use the Online Quotation Form or call 0800 404 7007.
Benefits
Most organisations want ISO 27001 certification to qualify for a tender or to achieve preferred supplier status: typically for a Local Authority or for a supply chain requirement.
There are many benefits to achieving ISO 27001
certification, including:
Better management of information security risks, now and in the future
Increased access to new customers and business partners
Demonstration of legal and regulatory compliance
Potential for reduced public liability insurance costs
Enhanced status and competitive advantage
Overall cost savings (reduced errors and re-work)
In addition, ISO 27001 is designed to be compatible with other management system standards such as ISO 9001 (Quality), ISO 14001 (Environment) and OHSAS 18001 (Occupational Health & Safety). All or any combination of these complementary standards can be integrated seamlessly. They share many principles, so choosing an integrated management system can provide you with outstanding value for money.
If you would like an integrated management system,
comprising all or a combination of ISO management standards,
simply let us know your requirements and we'll provide you
with a fixed price
quotation.
Get a Quote
To receive your fixed price ISO 27001 quotation, please use the Online Quotation Form or call 0800 404 7007.
Process
STEP 1: Preparation
Realistically, if you are new to the ISO 27001 standard you are going to need some guidance and we have a range of off-the-shelf good practice guides on our website which are free of charge. When you're ready, we’ll discuss your requirements with you and provide you with a Fixed Price quotation so you can budget accurately. Your quotation will be based on factors like what you do, how many locations you operate from and how many people you employ (if any). To get the ball rolling, simply call us on 0800 404 7007 or email us an enquiry.
STEP 2: Application
Once you decide to go-ahead, we'll assign a Lead Assessor to you. He or she
will be your principal contact throughout the registration process and beyond.
They will build up detailed knowledge of your organisation and will be able to
answer any questions you may have.
STEP 3: Pre-Audit Assessment (known as Stage 1)
Your Lead Assessor will visit you to explain the standard
and undertake a conformity evaluation of your current
arrangements for information security management. You will
then receive a detailed report including all required
actions. Together, you will then determine the appropriate
timetable for your Audit Assessment.
STEP 4: Audit Assessment (known as Stage 2)
Once you are ready for your formal Audit Assessment, your Lead Assessor will
make the required arrangements for you. On completion, you will be informed of
the Auditor's recommendation before he or she leaves your premises.
STEP 5: Registration & Certificate
Following the Auditor's recommendation, your registration will be reviewed and if approved your certification will be confirmed. Soon after, your certificate of conformity to the ISO 27001 standard will be issued and sent to you.
STEP 6: Continual Assessment
Having achieved certification, you will want to maintain
your registration and your Lead Assessor will remain on hand
to undertake the required annual reviews to ensure you
continue to meet the requirements of ISO 27001.
Get a Quote
To receive your fixed price ISO 27001 quotation, please use the Online Quotation Form or call 0800 404 7007.
Costs
We work with clients from the very large to the very small and even if you are a ‘one man band’, we can help you!
Your quotation will be based on factors like what you do, how many locations you operate from and how many people you employ (if any).
We provide all of our clients with a Fixed Fee quotation because we know that day rates have a habit of going over budget and we believe in being transparent.
All of our quotes are inclusive. We won’t charge you extra for travel, registration fees or for your certificate (unlike many others). The only thing to add is VAT.
In addition, we make all of our customers a Price Match Promise; if you can find a cheaper like-for-like quote within 14-days, we’ll match it and give you a 10% discount from your next surveillance.
Get a Quote
To receive your fixed price ISO 27001 quotation, please use the Online Quotation Form or call 0800 404 7007.
History
The ISO/IEC 27000 series consists of information security
standards published by the International Standards
Organisation (ISO) and the International Electrotechnical
Commission (IEC). The series is designed to give best
practice recommendations on information security management
including risks and controls within the context of an
overall Information Security Management System (ISMS), in a
similar way to management systems for quality assurance (ISO
9000) and environmental protection (ISO 14000).
There are seven published standards within the ISO 27001
family, with ISO 27001 being the standard organisations can
be certified to. ISO 27001 can be traced back to the British
Standard 7799, which was published in 1995. Originally
written by the DTI, after several revisions ISO took it on
as ISO/IEC 17799.
There was a second part to BS 7799 which formed the
implementation of an ISMS. This element was what ISO 27001
became in November 2005. In the same year ISO 27001 was
published, a third part of BS 7799 was released. This covers
risk analysis and management, aligning with the ISO 27001
standard.
The basic objective of the ISO 27001 standard is to help establish and
maintain an effective information management system, using a
continual improvement approach. It implements OECD
(Organisation for Economic Cooperation and Development)
principles, governing security of information and network
systems.
Get a Quote
To receive your fixed price ISO 27001 quotation, please use the Online Quotation Form or call 0800 404 7007.