We are a software development firm with 10 staff. One of our prospects has required us to be certified to ISO 27001. We understand the need to formalize and put in place new processes and procedures but certainly do not wish to place more overhead than is absolutely necessary. How would you advise a company like ours?
Certainly, it is possible to implement ISO 27001 in a small company without causing too much overhead. Advisera is specialized in supporting small and medium-sized organizations in the implementation of ISO management systems, ISO 27001 among them. For that purpose we developed toolkits with the minimum documentation required for certification, so organizations are not overburdened with its maintenance. The templates are more than 80% complete, and you only have to adjust them considering your organization's needs. Comments included in each template will guide you on which content can be changed or deleted to fulfill your needs, and which content must be kept to ensure compliance with the standard.