ISO 27001
Information Security Management

Q: How long will the ISO 27001 certification take?

From your first visit through to certification, the process for a business to obtain ISO 27001 certification can be as quick as 45 days, although this does of course depend on the size and complexity of your business.

Q: How long does ISO 27001 certification last?

The initial certificate will last for one year and after a successful recertification audit, you will be issued a 3-year certificate. In order to maintain your certificate during this period, you are required to successfully undergo one mandatory audit a year.

Q: Is ISO 27001 a legal requirement?

ISO 27001 is not a legal requirement. However, it is highly advisable for businesses who frequently process and store data to ensure protection against information security risks. Furthermore, some suppliers will specify certification to ISO 27001 in their contracts.

Q: Who needs ISO 27001 and why is it important?

ISO 27001 is perfect for any organisation which wants to demonstrate their commitment to information security. The standard is applicable for startups, large organisations and everything in between.

Q: What is the latest version of ISO 27001?

The current version of ISO 27001 is ISO/IEC 27001:2013 which was released in 2013 and reviewed in 2019

Q: Can an individual be ISO Certified?

Individuals cannot be ISO certified.

What is ISO 27001?

ISO 27001 is the internationally recognised standard for Information Security which is published by the International Organization for Standardization (ISO). The standard provides the framework for an effective Information Security Management System (ISMS). It sets out the policies and procedures needed to protect organisations and includes all the risk controls (legal, physical and technical) necessary for robust IT security management.

ISO 27001 is designed to cover much more than just IT. An important part of the Standard concerns data security across all areas of a business; whether it is online or offline. The Standard is suitable for businesses of all sizes, from startups to larger organisations.

Why do organisations get certified?

What is ISO 27001?

A graphic of a white tick on a grey circle

Benefits

Cost

Requirements

Process

FAQs

Further details

Why do organisations get certified?

By achieving ISO 27001, companies are showing a commitment to ensuring that adequate security controls are in place to protect information and data from being accessed, corrupted, lost or stolen. Through ISO 27001 certification, companies can demonstrate compliance with internationally recognised standards of information security.

0333 344 3646

UK team 8am - 5pm

Contact us

Live chat

Get a quote

ISO 27001 Benefits

Compliance: An Information Security Management system demonstrates your compliance with internationally recognised standards of information security, helping you to fulfil your legal obligations and comply with regulations (e.g. SOX).
Confidentiality: It keeps confidential information secure by putting in place robust security policies and access management, allowing for the secure exchange of information
Risk management: The Standard manages and minimises risk exposure, providing customers and stakeholders with confidence in how you manage risk.
Customer satisfaction:It enhances customer satisfaction which improves client retention.
Culture of security: Businesses get buy-in from your employees and stakeholders, building a culture of security
All-round-protection: It protects the company, assets, shareholders and directors.

How much does ISO 27001 certification cost?

The cost of the certification and the implementation of the Information Security Management system depends on several factors.

These include:

Your company's sector
Annual turnover
The number of employees
We would also need to know if you require industry-specific accreditation (such as ASCB or UKAS).

Get an instant quote Read more about how much ISO 27001 costs

ISO 27001 Requirements

The standard uses a structure of ten clauses called Annex SL which when grouped cover the following four areas:

Management Responsibility - the areas within the ISMS that your management team need to focus on, be involved with and be accountable for
Resource Management - how resources such as people, infrastructure and facilities must be assigned to ensure the best possible performance
Information Security - details on how your business will operate in order to ensure that your systems and assets remain protected from unauthorised access or loss
Measurement, Analysis and Improvement - how you can determine if your Information Security Management System is working as expected, facilitating the continual improvement of your system

Frequently Asked Questions

How long will the ISO 27001 certification take?

How long does ISO 27001 certification last?

Is ISO 27001 a legal requirement?

Who needs ISO 27001 and why is it important?

What is the latest version of ISO 27001?

Can an individual be ISO Certified?

Find out more

How have businesses benefited from ISO 27001?

Client Testimonials of QMS and the ISO Certification Process

A quality company to deal with
We have been using QMS for many years now and regardless of our needs we have always found them to be thorough, helpful and friendly. Their knowledge on the subject of ISO standards is second to none and their advice is always first class. I would have no hesitation in recommending them for all your ISO 9001 and ISO 27001 requirements.
Anthony Ryan, Technical Manager. Origin Storage Limited

Originally posted on

Excellent expert service while remaining flexible to our needs
I was pleasantly surprised by the ISO 27001 process as our consultant documented our ISO 27001 security controls after having discussed each element to ensure the controls were relevant and appropriate for our business.
Roger Haddon, Managing Director. Knowledge Powered Solutions Limited

Originally posted on

The Certification Process

Getting certified is quick and straightforward. Our expert consultants will work with you and your business to make the process as simple and easy as possible – highlighting and assisting you in making the necessary improvements to your current business processes.

Our 3 stage certification process ensures that you are assisted along every step in the process, and we even create your ‘Documented Information Security Management System’ for you, saving you time and money.

The Head of Certification at QMS discusses ISO with a QMS client

1

Gap Analysis

A QMS Consultant will visit your Organisation to review and document your current processes and procedures, highlighting any areas that do not meet the requirements of the Standard.

2

Implementation

Now it's time to make sure any required process or procedural changes are made, as highlighted in the Review. QMS can provide templates to assist you in doing this.

3

Certification

An Auditor must now visit your Organisation to check that the documented processes are being followed and that the necessary changes have been made. Once they are satisfied, you will be awarded your certification.

Once you have achieved certification the certification cycle will commence. This is made up of surveillance and re-certification audits, one of which must take place each year, around the anniversary of your certification. These visits confirm your continued compliance with the ISO 27001 Standard and verify the validity of your certification.

Your all-in-one Management System Solution

QMS Connect delivers all the tools you need to achieve and maintain ISO compliance.

With simple navigation, real-time reporting and the ability to modify and update content on the go, QMS Connect keeps you in control. Accessible online via your computer, tablet or smartphone 24 hours a day, QMS Connect helps you manage your ISO Management System in real-time.

QMS Connect helps engage your teams, so that you can capture data that will drive business decisions – increasing repeat business, reducing customer complaints and ultimately saving you both time and money.