Adoption of ISO 27001
1. We have been told by a client (a bank) that we need to become ISO27001 accredited as a company to meet their security standards.
But we are only a small organisation and do not have in-house IT people.
Would you recommend we contract an IT consultant for some time and use your framework?
2. How do you work with clients like us? I’m not sure where to start.
1. We have been told by a client (a bank) that we need to become ISO27001 accredited as a company to meet their security standards.
But we are only a small organisation and do not have in-house IT people.
Would you recommend we contract an IT consultant for some time and use your framework?
First, it is important to note that:
- ISO 27001 was designed to be applicable to organizations of any size and industry, so even if you are a small organization, ISO 27001 can help you
- Information security goes much beyond the IT environment (you have to handle information security risk related to suppliers, employees, physical documents, etc.)
Regarding the implementation approach, there are three major options:
a) using your own personnel
b) hiring a consultant
c) using a DIY approach with external support
All of them have their advantages and disadvantages, considering time, cost, effort, and preservation of knowledge, and you should consider these factors to decide which approach is best for you.
These articles will provide you with further explanation about ISO 27001:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/
- 3 strategic options to implement any ISO standard https://advisera.com/blog/2016/04/11/3-strategic-options-to-implement-any-iso-standard/
These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
2. How do you work with clients like us? I’m not sure where to start.
Our ISO 27001 Toolkit follows the "DIY with external support" approach, and from what you stated about your business, it is the right solution for you. The templates in the toolkit are 90% completed, and you only have to include the information about your organization and the specifics about the controls that will be used.
The templates have lots of comments that will help you include your information. And if you are stuck at any moment in the process, you can contact us through e-mail (there is no limit on how many emails you can send), or schedule online meetings with one of our experts.
Mar 14, 2020