ISO 27001 Certification Summary


As industry leaders, you can trust us to take you through the process in the best way possible, just like we do for thousands of clients each year. Our UKAS accreditation ensures quality throughout, and many clients tell us this is a key reason why they choose us. So you know you’re getting a fair deal, our award-winning approach includes a Fixed Fee Guarantee and Price Match Promise. As champions of small businesses, we also spread the cost over interest-free staged payments – just another reason why 99% of our clients recommend us.

Benefits of Certification

There are a number of reasons why ISO 27001 has grown to become so popular in recent years. Just some of these include:

  • Proving to clients you keep their information secure
  • Achieving operational excellence
  • Minimising risks to potential data security breaches
  • Protecting your reputation
  • Reducing errors and costs
  • Increasing business profitability
  • Engaging your staff
  • Demonstrating credibility and trust

The Process

Are you new to ISO 27001? No problem! We take 1,000s of organisations through the certification process every year.

STEP 1 – PREPARATION You’ll need to buy a copy of the standard from ISO; it contains all of the requirements you must adhere to. Your dedicated Assessor will get in touch to set the scene and get you thinking about how best to get prepared, so you can complete certification in record time and start reaping the rewards.

STEP 2 – FIRST ASSESSMENT There is no pressure for the first ‘Stage 1 Assessment’; you will be surprised what you already have in place prior to us visiting. Whilst we’re not permitted to provide consultancy – so that we maintain impartiality – the unique template toolkit we have developed makes certification achievable with no previous experience.

STEP 3 – SECOND ASSESSMENT When you are ready, your Assessor will visit you again for a ‘Stage 2 Assessment’, and you’ll be told the result on the day. Once our compliance team have reviewed your report, we will confirm your certification. You will then be sent your certificate, alongside those all-important logos. Our marketing team is always on hand to help you spread the news about your success.

STEP 4 – ANNUAL ASSESSMENT ISO 27001 is so respected because of its requirement for continual improvement; this involves a commitment to being assessed every 12 months. We will contact you to arrange a quotation in plenty of time for you to decide. For those with current certification, we’re pleased to offer our Transfer Switching service.




Cost

OHSAS 18001 has emerged as the preferred standard and according to Cork University's study, less than half the cost of rival schemes.

WHAT WILL IT COST? The cost of certification is ultimately decided by factors such as the organisation’s size, its industry and the number of branch locations. Regardless of the organisation’s size, we will always quote a guaranteed Fixed Fee for certification, so you will know all the costs upfront and there are no hidden fees. We will never ask you to sign a long-term contract. Also, to smooth cash-flow, we spread the fee over three interest-free payments.

WHAT’S INCLUDED? To enable you to immediately reap the rewards, we will provide you with a Letter of Commitment once you start the process. You will meet your Assessor who, together with your Account Manager, will be with you throughout the entire process. With our free toolkits and online training, our approach has allowed 1,000s to achieve hassle-free certification in just a few months.

Success Stories

Positive Images (UK) Ltd

ISO 27001

  • Existing procedures put to the test against ISO standards
  • ISO 27001 process greatly enhances existing data security controls
  • ISO certifications help to attract new clients and business
  • Now meeting tender requirements as a direct result

Positive Images UK is an independently owned company providing commercial print and direct mail for clients in the retail, health, financial, media, charity and public sectors as well as creative agencies and print management companies.



ISO 27001

  • Provides evidence of complying with the IT security elements of GDPR
  • Allows for wider availability within public sector organisations
  • Manages the risk of storing valuable digital information

"The entire certification journey to implement ISO 27001 was simple and easy to navigate. We were able to move seamlessly through each stage. Overall, implementing ISO 27001 has been a positive experience that has benefited our business."


Get a Quote

To help us prepare the best quotation for you, please complete the form below. We'll get back to you as soon as possible; but if you need immediate assistance, please call 0800 404 7007. (Please note we're open 9:00 - 17:30 Monday to Friday.)



If you’d like to learn more about this accreditation, the process and how the British Assessment Bureau can help you, check out these handy FAQs:

  • You don’t have to use a consultant to achieve certification. In fact, most of our clients don’t use one. But if you’d like to use a consultant, that’s ok too! If you need help in locating an ISO consultant we’d be happy to help, just give us a call on 0800 404 7007

  • Yes, and you don’t have to wait until renewal date, you can transfer at any time. Please be aware that you will be required to start the process from the beginning, ensuring you are meeting UKAS’ standards.

  • Providing that you have an annual surveillance audit, your certificate will last for 3 years from the start date. If you do not have an annual audit your certificate will not be valid.

  • No, but you’ll need a designated representative or co-ordinator who’ll take responsibility in your organisation.

  • Don’t worry. Our ongoing commitment to you is to make sure you don’t forget it! We’ll be keeping in touch with you to make sure that everything is going well after certification. Then we’ll be in touch 3 months before your audit is due to arrange a visit date.

  • We are allowed to provide:

    - Generic templates from our extensive toolkit.
    - Training – either in-house or on our regular courses. We have a list of available dates and venues throughout the UK right here.
    - Advice and guidance from our Assessors throughout the entire process.
    - A Gap Analysis service designed to show you what needs to be done to get you to become an ISO certified company.

  • This is dependent on the structure of the organisation. Sometimes the scope will only need to cover the part of your business that handles client data.

What is ISO 27001?

ISO 27001 is the standard created by the International Organization for Standardization (ISO) which deals with Information Security Management. It’s a way of making sure that you’re managing information security risks effectively. ISO 27001 isn’t new. It can be traced back to the British Standard 7799, published in 1995. It was originally written by the DTI and, after several revisions, ISO turned it into an internationally recognised standard. The aim of the ISO 27001 standard is to help companies establish and maintain an effective Information Security Management System (ISMS), using a continual improvement approach. You’ll systematically examine any risks to the organisation’s information security and put in place policies and procedures to manage those risks. The intention is that an organisation should design, implement, maintain and continually improve a set of controls and measures to manage any threats to its information assets.

Why choose ISO 27001?

Because of the demand for ISO 27001 by central government and local authorities, it’s unsurprising that most organisations want to implement ISO 27001 because it gives them a greater chance of winning tenders for contracts. In fact, some organisations say they simply would not have been eligible to tender without it.


8 Reasons to get certified

If you’re not already convinced that you should apply for ISO 27001 certification, here are eight reasons why it will help your organisation.

  • Bringing in new business
  • Reducing financial loss
  • Supply chain assurance
  • Improved processes
  • Continual improvement
  • Risk management
  • Satisfying stakeholders
  • Global acknowledgement

How long does certification take?

It usually takes between 3-6 months, but this depends on the size of the organisation and how many sites it has. Smooth implementation is helped greatly by management buy-in and an ISO 27001 champion who takes responsibility for achieving certification. Don’t worry: in most cases the principles of ISO 27001 will soon become integrated within your business, and before you know it, it’ll just be the way you do things!

ISO 27001 History

The ISO/IEC 27000 series consists of information security standards published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The series is designed to give best practice recommendations on information security management, including risks and controls, within the context of an overall Information Security Management System (ISMS), in a similar way to management systems for quality assurance (ISO 9000) and environmental protection (ISO 14000).


There are seven published standards within the ISO 27000 family, with ISO 27001 being the standard organisations can be certified to. ISO 27001 can be traced back to the British Standard 7799, which was published in 1995. It was originally written by the DTI and, after several revisions, ISO took it on as ISO/IEC 17799.


There was a second part to BS 7799 which covered the implementation of an ISMS. This element is what became ISO 27001 in November 2005 (hence named ISO 27001:2005). In the same year ISO 27001 was published, a third part of BS 7799 was released. This covers risk analysis and management, aligning with the ISO 27001 standard. The basic objective of the ISO 27001 standard is to help establish and maintain an effective information security management system, using a continual improvement approach. It implements OECD (Organisation for Economic Co-operation and Development) principles governing the security of information and network systems.


In October 2013, the latest revision of the standard, titled ISO 27001:2013, was published. Based on ISO’s new high-level Annex SL structure, it is designed to be even more compatible with other Management System Standards. The update also takes into account the changing world of information security, where cybercrime, cloud computing and smartphones have altered the landscape considerably. More than ever, it is recognised as the best practice standard for demonstrating information security credentials. There is now a new European version of the standard, called ISO/IEC 27001:2017, which incorporates two corrected items in Clause 6.1.3 and Annex A control 8.1. Because this is at a European and not international level, certification bodies continue to issue certificates to ISO 27001:2013. However, clients can request and be issued certificates to ISO/IEC 27001:2017 if required.



Knowledge Bank

Discover the latest industry news and helpful ISO inspired business guides.

ISO 27001 for Beginners

The ISO 27001 Information Security Management standard is a way of ensuring you're managing your risks effectively. Read on for an introduction to the standard.

Tesco Bank Suffer Data Breach

Over the first weekend of November 2016, Tesco Bank saw its systems hacked into, with a reported 40,000 fraudulent transactions taking place.


EU Data Protection Law

The General Data Protection Regulation is set to come into force in 2018. Find out what the changes entail and how they will affect UK businesses.

ISO 27001 is growing – here’s why

Information security has been a hot topic during 2016, particularly cyber crime. We show how this has led to many adopting the ISO 27001 standard.
