
What is ISO 27001 Certification? 

 

ISO/IEC 27001 is the international standard for information security management systems (ISMS). We are JAS-ANZ accredited to provide certification to this standard. We can also provide certification for ISO/IEC 27017, the code of practice for information security controls for cloud services.

ISO 27001 certification enables organisations to:

  • Show commitment to ensuring that adequate security controls are in place to protect information and data from being accessed, corrupted, lost or stolen.
  • Tender for work by being able to declare conformance with the standard, including government contracts.
  • Have assurance and formal recognition that your ISMS identifies and addresses the legal, regulatory and contractual requirements that apply to your organisation.
  • Provide evidence of conformance to interested stakeholders, including enhancement of your reputation as a committed partner, contractor or supplier.
  • Establish and inspire customer confidence in your products and services.
  • Create a competitive advantage and a marketing opportunity.

An ISO 27001 information security management system helps your organisation manage the security of its information assets against cyber and other threats, protecting financial information, intellectual property, employee details and any other information entrusted to you. The system requires you to identify and assess risks to sensitive corporate information, highlighting weaknesses so that the information is adequately protected against the threats you have identified. It covers people, processes and IT systems, not just technology. ISO 27017 is specific to cloud-based services but builds on the same framework as ISO 27001 and is assessed alongside it.

An ISO 27001 information security management system (or ISO 27017 system) must be fully developed and implemented before a certification assessment can take place. Read more on the certification process.


What are the Minimum Requirements?

The ISO 27001 standard defines its mandatory requirements in seven clauses (clauses 4 to 10), each of which must be addressed by the ISMS:

  • Context of the organisation
  • Leadership
  • Planning
  • Support
  • Operation
  • Performance evaluation
  • Improvement

To see how your company compares to the standard, use our FREE ISO 27001 Gap Analysis Checklist (PDF).



ISO 27001 Consultants

If you find your business does not meet the minimum requirements outlined above, one option for developing and implementing your Information Security Management System (ISMS) is to engage a management consultant.

An ISO 27001 consultant will conduct a review of your current procedures and help to identify any areas for improvement that can be adopted into your business.

Our affiliate company, Next Practice, has a list of trusted consultant services that can assist in your business’s management systems. Please get in touch on 1300 402 602 or contact us to learn more.


What are the Assessment Costs?

In line with our JAS-ANZ accreditation requirements, certification fees are quoted per organisation and depend on several factors, including your company size, the number of locations and the scope of operations to be certified.

We will provide you with initial cost estimates within one business day. We would love to hear more about your business! Please reach out to our Business Development team on 1300 402 602 or contact us.


ISO 27001 & ISO 9001 Integration

ISO 27001 and ISO 9001 (Quality Management Systems) can be integrated, and for many organisations they go hand in hand, since both share the same high-level clause structure. By reducing duplication between these management system standards, an integrated approach to compliance management enables organisations to reduce short- and long-term costs and increase the effectiveness of both systems.