Cyber Essentials
Answer: Your decision will depend mostly on your organization's objectives and your current security level. Cyber Essentials is more focused on controls implementation to enhance cyber security, while ISO 27001 is a management system standard focused on the implementation, maintenance and improvement of information security in all environments where information is handled (e.g., information systems, paper-based information, etc.). Cyber Essentials will be quicker to implement, but ISO 27001 can provide you with better results in the long term.
Consider performing a security diagnosis first. If your current situation is considered acceptable regarding your objectives, the best course of action may be implementing ISO 27001 first, using Cyber Essentials during the implementation control phase of ISO 27001 implementation. If your situation is considered not acceptable, you may go for Cyber Essentials first and after that start the ISO 27001 implementation.
These articles will provide you with further explanation about ISO 27001:
- What is ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-iso-27001/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jul 04, 2017