What is ISO 27001?
ISO 27001 (also written ISO27001) is an international standard for Information Security Management Systems.
The system helps you determine, design and control your own records and documents.
The standard does not require you to use a specific set of templates for these documents, nor is there any set of ready templates that could suit your business perfectly. The implementation of ISO depends entirely on your business type and processes.
For this reason, all of the documentation has to be tailor-made for you.
You can either design and implement the ISO IMS in-house or hire a consultant to do it for you.
Is the ISO 27001 certificate right for you?
A lot of small business owners think that only large enterprises should get an ISO certificate.
There is no limit on the number of employees. An 8-person small business will benefit just as much as an 800-person plant.
ISO 27001 is designed to be suitable for any organisation regardless of its type, size and industry.
How does an ISO 27001 certificate help your business?
Considering the commitment in time and money, a lot of small business owners are worried about even getting started.
So, why invest in an ISO 27001 certificate? Here are a couple of reasons:
- You're looking to tender for large projects or apply for public sector contracts. The ISO 27001 certificate is a prerequisite for most of these projects.
- You're looking to become a supplier for a large company. Most of these companies require ISO 27001 certification.
- You want to remain competitive. If a customer is choosing between you and your competitors, a certified business is much more likely to win the contract.
- You want to prove you're a trustworthy and established business. Your customers will be much more likely to trust you if your organization is actually certified for quality.
- Your customers became ISO certified. They will soon request that you also become certified because this helps them guarantee the quality of their products.
- You want to backtrack defects. You know it only takes a couple of untraceable defects in your product, with no way to trace them from design through development to production, to put your SMB out of business.
- You want to reduce costs incurred by scraps and rework.
- You want to increase profit by attracting more customers. An ISO 27001 certificate reassures your customers that you care about maintaining and improving the quality of your products. As a result, they are more likely to want to do business with you.
- You want repeat business with your existing customers. The IMS that ISO 27001 will help you implement will make sure your existing customers are happy with your products and recommend you.
- You want to gain market share. Whenever you're competing with a non-certified business, a potential customer is more likely to trust your company.
- You want to reduce your company's insurance premiums.
If you nodded while reading any of these, then your business will benefit from an ISO 27001 certificate.
Isn't ISO 27001 just bringing in unnecessary paperwork?
You might have heard horror stories about small businesses trying to get ISO 27001 certified and quitting halfway because they "couldn't cut through the fat".
Some of these people tried to prepare all the necessary documentation themselves. Others hired consultants who didn't take the time to listen and understand how the business functions.
In either case, the fault is not in the ISO 27001 standard itself.
The fault is in how the requirements of the standard were implemented.
The truth is, the ISO 27001 standard is a fat-trimmer itself. It's designed to:
- increase output by reducing the number of necessary tasks for manufacturing a product
- reduce costs incurred by defects, scraps and rework. It puts in place a strict Information Security Management System
- improve quality by doing regular internal audits and ensuring the Information Security Management System is being used
- address potential problems before they occur as opposed to adopting a fire-fighting practice
- identify poor supplier performance and rectify it
- help you increase customer satisfaction by closely monitoring the feedback from customers and backtracking defects
- help employees with clear directions, which reduces the chance of mistakes and thus reduces costly repair time
The point of complying with the ISO 27001 quality standard is to reap these internal benefits for your organization. It's not just an expensive piece of paper to hang on your wall and use as a marketing tool.
The increase in profit you will see is not due to the fact that you have the certificate, but to the fact that you manufacture high quality products faster and keep your customers happy.
The ISO 27001 certificate has become part of the international language of business nowadays
It is internationally recognized and has become the most widely used model of an Information Security Management System.
ISO is such a popular certificate because it provides a common ground for organizations regardless of their geographic location or language. It's a sign of trust that is understood and appreciated all over the world.
The time to start working on your ISO 27001 certification is now
Sooner or later your competition will get the certificate, and you will be forced to get certified if you want to remain in business.
At some point you might want to apply for a tender only to discover that an ISO certificate is required.
At some point you might want to work with a large company that requires you to be certified.
How do you get an ISO 27001 certificate?
- First, you need to design and implement an ISO 27001 Quality Manual. You can do this yourself or hire a consultant.
- You will undergo a first-stage audit. The auditor will check whether your written Information Security Management System meets the requirements of the ISO 27001 Standard. They will point out any areas of deficiency and potential improvement of the system. This is usually done by a third party.
- You have to find an accredited ISO 27001 certification body. There are many of them. Normally, you have to contact them individually, but we can help you with 3 free quotes from certification bodies.
- Your organization undergoes a second audit. The auditor will check that you are working according to the requirements of your Information Security Management System and the ISO 27001 Standard. This audit is done by the accredited certification body of your choice.
- Regular internal quality auditing. Because the ISO 27001 standard is about continuous improvement, you need to perform regular internal audits or hire someone to do this for you. By doing these internal audits you will be ready for the annual audits that the certification body will carry out on your organization.
We can stay with you all the way through ISO 27001 certification and maintenance
Our consultants can guide you from getting the initial documentation ready, through implementing an Information Security Management System and finding a certification body, to performing internal audits after certification.
Whether you're just getting started with ISO 27001 or you're already certified, we can help.