ISO 27001 Certification


British Assessment Bureau is the UK’s number one choice for ISO 27001 Certification.

Since 1969 we have provided our clients with an award-winning service based on confidence and trust.

Our UKAS accreditation is a key part of the confidence we can guarantee our clients. Our accredited ISO 27001 certificates all come with the coveted ‘Crown & Tick’ mark, underlining the security that only comes from Government-backed certification.

Benefits of Certification

There are a number of reasons why ISO 27001 has become so widely adopted in recent years. Some of these include:

  • Proving to clients you keep their information secure
  • Achieving operational excellence
  • Minimising the risk of data security breaches
  • Protecting your reputation
  • Reducing errors and costs
  • Increasing business profitability
  • Engaging your staff
  • Demonstrating credibility and trust

The Process

Are you new to ISO 27001? No problem! We take 1,000s of organisations through the certification process every year.


Your dedicated Assessor will get in touch to set the scene and get you thinking about how best to prepare, so you can complete certification quickly and start reaping the rewards.

STEP 2 – FIRST ASSESSMENT There is no pressure at the first ‘Stage 1 Assessment’; you will be surprised by what you already have in place before we visit. Whilst we are not permitted to provide consultancy – so that we maintain impartiality – the template toolkit we have developed makes certification achievable with no previous experience.

STEP 3 – SECOND ASSESSMENT When you are ready, your Assessor will visit you again for a ‘Stage 2 Assessment’, and you will be told the result on the day. Once our compliance team has reviewed your report, we will confirm your certification. You will then be sent your certificate, alongside those all-important logos. Our marketing team is always on hand to help you spread the news about your success.

STEP 4 – ANNUAL ASSESSMENT ISO 27001 is so respected because of its requirement for continual improvement; this involves a commitment to a surveillance assessment every 12 months. We will contact you to arrange a quotation in plenty of time for you to decide. For those who already hold certification with another body, we are pleased to offer our Transfer Switching service.




Cost

The cost of your ISO 27001 certification will be quoted on a fixed fee basis, reducing your worry about additional costs.


The cost of certification is ultimately determined by factors such as the organisation’s total size, the sector it is in, and the number of locations it operates from. Regardless of your size, we always provide a fixed fee with no hidden costs to worry about. To make budgeting for your ISO requirements a little easier, we offer a monthly payment plan as standard to all registered companies, charities and organisations*. If this option is taken, an initial payment of only 20% is required, with the balance payable over 10 monthly direct debit payments. Alternatively, if you wish to pay the full fee up front, a 10% discount will be applied.

*No credit check is required, subject to confirmation of company registration, a minimum of 6 months’ trading history and self-certification of solvency. This option is not available to sole traders due to consumer credit regulations.


To enable you to reap the rewards immediately, we will provide you with a Letter of Commitment once you start the process. You will meet your Assessor who, together with your Account Manager, will be with you throughout the entire process. With our free toolkits and online training, our approach has allowed thousands of organisations to achieve hassle-free certification in just a few months.

Success Stories

Positive Images (UK) Ltd

ISO 27001

  • New processes have greatly enhanced existing data security
  • ISO 27001 has attracted new clients and business
  • Now meeting tender requirements as a direct result

“More and more tenders are requiring certification to ISO 27001 and for certain contracts it is becoming a necessity. ISO 27001 is already improving the way our business operates and helped in attracting new clients and business as a direct result of certification. We expect ISO 27001 to open more doors to us in the future.”



ISO 27001

  • Provides evidence of compliance with the GDPR
  • Allows tendering to public sector organisations
  • Manages the risk of storing valuable digital information

"The entire certification journey to implement ISO 27001 was simple and easy to navigate. We were able to move seamlessly through each stage. Overall, implementing ISO 27001 has been a positive experience that has benefited our business."


Get a Quote

To help us prepare the best quotation for you, please complete the form below. We will get back to you as soon as possible; if you need immediate assistance, please call 0800 404 7007. (Please note we are open 9:00 - 17:30, Monday to Friday.)


We will only contact you regarding the service you are enquiring about; you will have the opportunity to opt in to marketing e-mails.


If you would like to learn more about this certification, the process and how the British Assessment Bureau can help you, check out these handy FAQs:

  • Yes, and you do not have to wait until your renewal date; you can transfer at any time. Please be aware that you will be required to start the process from the beginning, so that we can confirm you are meeting UKAS’ requirements.

  • Provided that you have an annual surveillance audit, your certificate will last for 3 years from its start date. If you do not have an annual audit, your certificate will no longer be valid.

  • No, but you will need a designated representative or coordinator who takes responsibility for the ISMS within your organisation.

  • Don’t worry. Our ongoing commitment to you is to make sure you don’t forget it. We will keep in touch with you to make sure that everything is going well after certification, and we will contact you 3 months before your audit is due to arrange a visit date.

  • We are allowed to provide:

    - Generic templates from our extensive toolkit.
    - Training – either in-house or on our regular courses, with available dates and venues throughout the UK.
    - Advice and guidance from our Assessors throughout the entire process.
    - A Gap Analysis service designed to show you what needs to be done to reach certification.

  • This depends on the structure of the organisation. Sometimes you will only need to bring into scope the part of your business that handles client data.

What is ISO 27001?

ISO 27001 is the standard created by the International Organization for Standardization (ISO), jointly with the International Electrotechnical Commission (IEC), which deals with Information Security Management. It is a way of making sure that you are managing information security risks effectively. ISO 27001 isn’t new: it can be traced back to British Standard 7799, published in 1995. Originally written by the DTI, after several revisions ISO turned it into an internationally recognised standard. The aim of the ISO 27001 standard is to help organisations establish and maintain an effective Information Security Management System (ISMS), using a continual improvement approach. You systematically examine the risks to the organisation’s information security and put in place policies and procedures to manage those risks. The intention is that an organisation should design, implement, maintain and continually improve a set of controls and measures to manage the threats to its information assets.

Why choose ISO 27001?

Because of the demand for ISO 27001 from central government and local authorities, it is unsurprising that most organisations want to implement ISO 27001 because it gives them a greater chance of winning tenders for contracts. In fact, some organisations say they simply would not have been eligible to tender without it.


8 Reasons to get certified

If you are not already convinced that you should apply for ISO 27001 certification, here are eight reasons why it will help:

  • Bringing in new business
  • Reducing financial loss
  • Supply chain assurance
  • Improved processes
  • Continual improvement
  • Risk management
  • Satisfying stakeholders
  • Global acknowledgement

How long does certification take?

It usually takes between 3 and 6 months, but this depends on the size of the organisation and how many sites it has. Smooth implementation is helped greatly by management buy-in and an ISO 27001 champion who takes responsibility for achieving certification. Don’t worry: in most cases the principles of ISO 27001 will soon become integrated within your business, and before you know it, it will just be the way you do things.

ISO 27001 History

The ISO/IEC 27000 series consists of information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The series is designed to give best practice recommendations on information security management, including risks and controls, within the context of an overall Information Security Management System (ISMS), in a similar way to the management system standards for quality (ISO 9000) and environmental management (ISO 14000).


The ISO/IEC 27000 family contains a number of published standards, with ISO 27001 being the one organisations can be certified to. ISO 27001 can be traced back to British Standard 7799, which was published in 1995. Originally written by the DTI, after several revisions its first part was adopted by ISO as ISO/IEC 17799 (now ISO/IEC 27002, the code of practice that ISO 27001’s Annex A controls draw on).


The second part of BS 7799 specified the requirements for an ISMS. This part is what became ISO/IEC 27001 in October 2005 (hence ISO 27001:2005). A third part of BS 7799 (BS 7799-3) followed in 2006, covering information security risk management and aligning with the ISO 27001 standard. The basic objective of the ISO 27001 standard is to help establish and maintain an effective information security management system, using a continual improvement approach. It implements the OECD (Organisation for Economic Co-operation and Development) principles governing the security of information systems and networks.


In October 2013, a revised edition of the standard, ISO 27001:2013, was published. Based on ISO’s high-level Annex SL structure, it is designed to be more compatible with other Management System Standards. The update also takes into account the changing world of information security, where cybercrime, cloud computing and smartphones have altered the landscape considerably. More than ever, it is recognised as the best practice standard for demonstrating information security credentials. There is also a European version of the standard, EN ISO/IEC 27001:2017, which incorporates two technical corrigenda, one to Clause 6.1.3 and one to Annex A control A.8.1.1. Because this is a European rather than an international edition, certification bodies continue to issue certificates to ISO 27001:2013; however, clients can request and be issued certificates to ISO/IEC 27001:2017 if required. (A further revision, ISO/IEC 27001:2022 with a restructured Annex A, has since been published.)



Knowledge Bank

Discover the latest industry news and helpful ISO inspired business guides.

ISO 27001 for Beginners

The ISO 27001 Information Security Management standard is a way of ensuring you're managing your risks effectively. Read on for an introduction to the standard.


Tesco Bank Suffer Data Breach

Over the first weekend of November 2016, Tesco Bank's systems were compromised, with fraudulent transactions reported across some 40,000 customer accounts.
