ISO 27001 Certification
Information Security Management

Q: Who needs ISO 27001 and why is it important?

ISO 27001 is perfect for any organisation which wants to demonstrate their commitment to information security. The standard is applicable for startups, large organisations and everything in between.

Q: What are ISO 27001 requirements?

There are four main groups of requirements for ISO 27001. The first set of requirements focus on management responsibility, the areas of your information management system in which your senior leaders need to be involved with. The second set of requirements focus on the management of resources; in other words, how you organise your staff, business infrastructure, facilities and equipment. The third group of requirements revolve around information security, which requires you to develop processes that protect both physical and digital information assets. The last group of requirements focus on measurement, analysis and improvement. This last set requires you to put in place processes that allow you to assess how well your management system is working, and what you can do to improve it.

Q: Is ISO 27001 a legal requirement?

ISO 27001 is not a legal requirement. However, it is highly advisable for businesses who frequently process and store data to ensure protection against information security risks. Furthermore, some suppliers will specify certification to this ISO in their contracts.

Q: How long will the ISO 27001 certification take?

From your first visit through to certification, the process for a business to obtain ISO 27001 certification can be as quick as 45 days, although this does of course depend on the size and complexity of your business.

Q: How long does ISO 27001 certification last?

The initial certificate will last for one year and after a successful recertification audit, you will be issued a 3-year certificate. In order to maintain your certificate during this period, you are required to successfully undergo one mandatory audit a year.

Q: What is the latest version of ISO 27001?

The current version of ISO 27001 is ISO/IEC 27001:2022.

Q: Can an individual be ISO Certified?

Individuals cannot be ISO certified.

ISO 27001 is the internationally recognised Standard for Information Security which is published by the International Organization for Standardization (ISO). The Standard provides the framework for an effective Information Security Management System (ISMS). It sets out the policies and procedures needed to protect organisations and includes all the risk controls necessary for robust IT security management.

ISO 27001 certification is designed to cover much more than just IT. An important part of the ISO 27001 Standard concerns data security across all areas of a business – whether it’s online or offline. ISO 27001 certification is suitable for businesses of all sizes, from startups to larger organisations. With new changes to ISO 27001 being recently implemented, it’s important to make sure your business stays compliant with the latest changes and gets ahead of any cyber threats your organisation may face.

ISO 27001
Benefits

ISO 27001
Cost

ISO 27001
Requirements

ISO 27001
Process

ISO 27001
FAQs

ISO 27001
Further Details

What is ISO 27001?

Getting certified for ISO 27001 requires the development of an information security management system that meets all the requirements of the ISO 27001 Standard. With Citation ISO Certification by your side, we can help you meet all the requirements of the Standard in three simple steps.

Getting to grips with the gaps

We’ll spend some time with you carrying out a gap analysis to see how your current processes and procedures match up to the requirements of the ISO 27001 Standard. And we’ll collect details of the areas that already do so we can create your bespoke management system for you in our smart online hub, Atlas.

Getting up to Standard

Now it’s time to make any changes. With handy reminders to help you keep on track of tasks and editable templates at your fingertips, you can make sure all the records you need are in place to achieve certification.

Getting ISO certification

An ISO auditor will check you’ve addressed any gaps correctly and that you’re following the documented processes. Once everything is in place, you’ll be recommended for certification. Your new certificate and certification marks will be ready to download from Atlas.

We can now offer certification to ISO 27001:2022, so if you want to protect your business from evolving digital threats and strengthen your security, then get in touch and request a quote today. We can also upgrade your current management system to ensure compliance, discover more about our ISO 27001:2022 certification in our blog post.

What is ISO 27001 certification?

FIND OUT MORE ABOUT ISO 27001

The benefits of ISO 27001

Here are the top benefits of using the ISO 27001 framework:

Compliance: An Information Security Management system demonstrates your compliance with internationally recognised standards of information security, helping you to fulfil your legal obligations and comply with regulations (e.g. SOX).
Confidentiality: It keeps confidential information secure by putting in place robust security policies and access management, allowing for the secure exchange of information
Risk management: The Standard manages and minimises risk exposure, providing customers and stakeholders with confidence in how you manage data security risk.
Customer satisfaction: Through improved information security measures you can enhance customer confidence and satisfaction which leads to improved client retention.
Culture of security: Businesses get buy-in from your employees and stakeholders, building a culture of security
All-round-protection: With greater awareness of security obligations and improved security practices it helps protect the company, assets, shareholders and directors.

How much does ISO 27001 cost?

Prices for ISO 27001 certification will vary based on the size and complexity of your business.

To receive your personalised quote, simply fill in your details on the calculator below.

Complete the calculator to receive your instant quote

Prefer to talk face-to-face?

If you’d prefer a no-obligation video conference call, please call 0333 344 3646

The requirements of ISO 27001

The Standard uses a structure of ten clauses called Annex SL which when grouped cover the following four areas:

Management Responsibility – the areas within the ISMS that your management team need to focus on, be involved with and be accountable for
Resource Management – how resources such as people, infrastructure and facilities must be assigned to ensure the best possible performance
Information Security – details on how your business will operate in order to ensure that your systems and assets remain protected from unauthorised access or loss
Measurement, Analysis and Improvement – how you can determine if your Information Security Management System is working as expected, facilitating the continual improvement of your system

Frequently asked questions

Who needs ISO 27001 and why is it important?

What are ISO 27001 requirements?

Is ISO 27001 a legal requirement?

How long will the ISO 27001 certification take?

How long does ISO 27001 certification last?

What is the latest version of ISO 27001?

Can an individual be ISO Certified?

How can we help your business to become ISO 27001 certified?

Our process helps your business to become ISO 27001 certified for success:

Expert

Our nationwide team of consultants and auditors has provided certifications to clients ranging from SMEs to blue chip organisations across a broad spectrum of verticals and industries.

Affordable

Our processes add value at every stage, without taking up unwarranted management time. We commit to providing you with the best possible value for money – including a price promise from the outset, along with the ability to stagger payments at no extra cost.

Simple

We remove the red tape and paperwork for you, making the process as smooth and uncomplicated as possible, and ensuring you get the framework that works for you.

GET YOUR FREE QUOTE

WOrking at desk with laptop, paper, tea and cake

How have businesses benefited from ISO 27001?

I was pleasantly surprised by the ISO 27001 process as our consultant documented our ISO 27001 security controls after having discussed each element to ensure the controls were relevant and appropriate for our business.

Roger Haddon, Managing Director, Knowledge Powered Solutions Limited

[The Consultant] was so patient and informative as he took us through the experience of ISO 27001. It was a pleasure to work with such a professional person who took the time to explain in detail what was required and especially when it needed a little further breaking down.We rate this visit and [his] expert advice and support as excellent and the offer of after support from [the Consultant] was well received.Thank you for the consultancy and we look forward to working with QMS into the future.

John Hood, Managing Director, IMT Medical Transport Limited

3 Steps to Certification

With our help, the certification process can take as little as 45 days to complete

Getting to grips with the gaps

We’ll spend some time with you carrying out a gap analysis to see how your current processes and procedures match up to the requirements of the ISO Standard. And we’ll collect details of the areas that already do so we can create your bespoke management system for you in our smart online hub, Atlas.

3 Step Certification

Learn More

Getting up to Standard

Now it’s time to make any changes. With handy reminders to help you keep on track of tasks and editable templates at your fingertips, you can make sure all the records you need are in place to achieve certification.

3 Step Certification

LEARN MORE

Getting ISO certification

An ISO auditor will check you’ve addressed any gaps correctly and that you’re following the documented processes. Once everything is in place, you’ll be recommended for certification. Your new certificate and certification marks will be ready to download from Atlas.

3 Step Certification

Learn More

Once you have achieved certification the certification cycle will commence. This is made up of surveillance and recertification audits, one of which must take place each year, around the anniversary of your certification issue date. These visits confirm your continued compliance with the ISO Standard(s) and enable us to verify the validity of your certification.

Please note: Inspections carried out by Citation ISO Certification specialists may be performed onsite or remotely. Your appointment coordinator will advise which type of visit is required for your organisation and provide full guidance on what you can expect to happen on the day.

Your all-in-one management system solution

Formerly known as QMS Connect, Atlas ISO delivers all the tools you need to achieve and maintain ISO compliance.

With simple navigation, real-time reporting and the ability to modify and update content on the go, Atlas keeps you in control. Accessible online via your computer, tablet or smartphone 24 hours a day, Atlas ISO helps you manage your ISO Management System in real-time.

Atlas helps engage your teams, so that you can capture data that will drive business decisions – increasing repeat business, reducing customer complaints and ultimately saving you both time and money.

FIND OUT MORE ABOUT ATLAS ISO

ISO 27001 Resources

Understanding ISO 27001

Learn everything there is to know about the ISO 27001 Standard, from internal and external benefits through to understanding the structure of the system and what is means to implement it within your business.