IT Managed Service Providers
1. Is there an ISO certification we should look at?
2. What would be involved to get certified and what sort of costs would we expect?
1. Is there an ISO certification we should look at?
Please note that ISO certifications are not mandatory by themselves, although some countries have established laws and regulations that are easier to fulfill by adopting them, and an increasing number of customers prefer ISO-certified organizations as suppliers because they consider such organizations more capable of helping them.
Considering that, you need to evaluate your legal environment and customers’ profile to see if an ISO certification is interesting to you.
Broadly speaking, IT Managed Service Providers should consider the following certifications:
- ISO 20000: related to the management of IT services
- ISO 27001: related to the management of information security
- ISO 9001: related to quality management
These standards share many common requirements, so you can implement them in an integrated way.
These articles will provide you with further explanation of the ISO standards:
- What is ISO 27000? https://advisera.com/20000academy/what-is-iso-20000/
- What is ISO 27001? https://advisera.com/27001academy/what-is-iso-27001/
- What is ISO 9001? https://advisera.com/9001academy/what-is-iso-9001/
This article can provide you with a customer's point of view (the same general concept applies to all ISO management standards):
- Why is it important for your hosting partner to be certified against ISO 27001? https://advisera.com/27001academy/blog/2019/07/02/iso-27001-for-hosting-companies-what-are-the-main-benefits/
2. What would be involved to get certified and what sort of costs would we expect?
After the implementation of the documents and controls required by the specific standard, you need to make sure that everyone in the company is complying with the documents, i.e., performing all the activities prescribed there. After that, you can work on selecting your certification body.
Our toolkit can help you with the implementation:
- ISO 27001 Documentation Toolkit https://advisera.com/27001academy/iso-27001-documentation-toolkit/
These articles will provide you with further explanation of the ISO 27001 implementation process:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/2011/how-to-prepare-for-an-iso-27001-internal-audit/
- Why is management review important for ISO 27001 and ISO 22301? https://advisera.com/27001academy/blog/2014/03/03/why-is-management-review-important-for-iso-27001-and-iso-22301/
Regarding costs, without detailed information about the certification scope it is not possible to give you a precise answer, but broadly speaking, what I can tell you is that these are some cost issues you should consider:
- Training and literature
- External assistance
- Technologies to be updated/implemented
- Employees' effort and time
- The certification process
These materials can provide you with more information:
- How much does ISO 27001 implementation cost? https://advisera.com/27001academy/blog/2011/02/08/how-much-does-iso-27001-implementation-cost/
- 5 ways to avoid overhead with ISO 27001 (and keep the costs down) https://advisera.com/27001academy/blog/2012/06/2019/5-ways-to-avoid-overhead-with-iso-27001-and-keep-the-costs-down/
- How to Budget an ISO 27001 Implementation Project https://info.advisera.com/27001academy/free-download/how-to-budget-an-iso-27001-implementation-project/
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
For the duration of the implementation:
- How long does it take to implement ISO 27001 / BS 25999? https://advisera.com/27001academy/blog/2011/11/08/how-long-does-it-take-to-implement-iso-27001-bs-25999/ - Please note that this is the timing that is needed for companies that use our toolkits.
These materials will also help you with your ISO 27001 project:
- ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Mar 02, 2021