Compliance with international standards isn’t for nothing – it’s a concrete display of trustworthiness, conscientiousness, and security. For the first time since 2013, the ISO 27001 criteria are receiving significant updates in order to reflect the significantly changed landscape of organisations, information technology, and digital security. The new standard’s as close to an overhaul as an International Standard can have – and the changes are no walk in the park.
Are you sure your organisation’s ready for the hike?
What is ISO 27001 certification?
ISO 27001 is the International Standard for Information Security Management Systems (ISMS), which many organisations, large and small, now expect to see in place. This standard focuses not only on the technical aspects of information security (laptops, servers, etc), but focuses on people, premises, processes, systems, and suppliers.
Why is this important?
In an increasingly virtual world, being able to demonstrate that you can be trusted has never been more important. ISO 27001 helps you build that trust and can be the difference between winning and losing a bid – even if you know your systems are secure! The standard is now seen as the baseline requirement for good Security Management, so many organisations won’t consider escalating a bid unless ISO 27001 is met. It can also help you demonstrate compliance to legal and regulatory frameworks like the UK Data Protection Act and the EU GDPR. It’s a clear marker you take Data Protection and Security seriously.
How we can help you?
Our consultants have a wealth of experience in designing, developing, and managing security compliance programmes for the ISO 27001 standard. We remove the complexity of the management system while staying up-to-date with changes and jargon. All the while staying up-to-date with changes in legislation and security requirements, so that you don’t have to. The ultimate result is a security framework that works for you, not against you.
Achieving ISO 27001 Certification
While the ISO 27001 criteria apply in the same broad sense to every business, every business’ circumstances are unique to them. So we tailor our service to each individual organisation so that what used to seem daunting is now a mostly pleasant walk to full certification. We’re there to take the pain out of the process while helping you reap the benefits of being certified.
From the very first meeting through to the final certification audit, we work to understand you, develop processes that work for you, and create a framework that fits perfectly with your business. During the process, we develop all the documents, processes, and records you need, and provide the skills and expertise you need to successfully achieve ISO27001 certification. Contact us >
Is ISO 27001 a Complex Framework?
Yes, ISO 27001 is a complex corporate security framework, but that doesn’t mean your processes need to be complicated. We know how to build the information security management framework that puts you at its core. Yes, there is documentation that needs to be in place, but that doesn’t mean it needs to be overly complicated. Our skill is in making the complex simple. We understand what ‘good looks like’ and we know what the standard is looking for. Nothing worth doing is easy, but we are there to take the burden and help you on this journey. So let’s get started… Contact us >
What changes are coming to ISO27001?
The full changes haven’t been revealed yet but, as it stands, they look like they’re going to be quite dramatic. For starters, the control and domain groups have been significantly condensed: from 114 controls to around 93.
And this isn’t just a case of condensing more controls into fewer, a number of them have actually been cut because they’re no longer relevant to business security. Important new controls have been added that include things like:
These are only a few of the changes – and you can read about them all here.
Are we worried about the changes?
The only constant in the world is change. But these changes are evolutionary rather than revolutionary. The coming changes will help you as an organisation make better choices with your security – saving you time and money. While it’s a turbulent time on paper, we’re always looking to be at least one step ahead of changes. We’ve been aware of these changes for a long time, and our proactive approach ensures our clients are as secure as they can be – letting them focus on running their business rather than running after security flaws.
Summary of Changes
View the full list of changes taking place with ISO 27001.
In this increasingly interconnected world, security can no longer be an afterthought. Your business, and your customers, deserve strategic security solutions. Learn more >
From managed cloud hosting to colocation services, Cyberfort takes the same approach to cloud as we do with everything else: security first. Learn more >