ISO 27001 Checklist: Are you ready to get certified?
ISO 27001 – or, to give the current version its official title, ISO/IEC 27001:2017 – is a framework that guides organisations in adopting a thorough Information Security Management System (ISMS). Any business that wants to improve its processes, information security and privacy policies in order to protect customer or sensitive data should be looking to gain ISO 27001 certification. However, many start the journey without full buy-in across the organisation, which leads to complications along the way.
Our very own Head of Compliance & Information Security, Kerry Jones, has shared her checklist of questions to answer before you begin implementing ISO 27001, so you can understand whether your organisation is ready and whether this is the right time for certification.
Ideally, you want to answer yes to all of these checklist questions before you begin:
- Are we fully committed to this endeavour as a whole business?
- Do I have buy-in from all senior management including the CEO?
- What level of commitment to process change is there at a senior level?
- Has the scope of the ISO 27001 implementation been defined and agreed with all parties?
- Has the scope of ISO 27001 been communicated to the rest of the business, with the ‘what and why’ explained?
- Has internal or external legal counsel been engaged to prepare for possible contract changes?
- Have the various heads of departments, including IT, Networks, Marketing, Human Resources, etc., been engaged?
Answered Yes to all questions?
If you have answered yes to the questions above, you are ready to implement the relevant processes and controls within the business to become ISO 27001 certified. You can achieve and maintain your ISO 27001 certification with a fully managed service from us, which takes you through the process step by step and takes away the strain completely.
Answered No to some questions?
If you have answered no to any of the questions above, you are going to face complications in achieving the intended outcome. You need to ensure that senior management within the business are on board, as the standard requires you to demonstrate their buy-in to the process and to evidence how information security is communicated to the rest of the business. Get in contact with us for advice on how to get your organisation ready for ISO 27001 certification.