ISO 27001 FAQs

We often receive questions about ISO 27001 Information Security Management certification.

We’ve compiled the most commonly asked questions and provided our answers below, which we hope help.

Speak with our knowledgeable team on 0333 242 8633.

Absolutely not. ISO 27001 is about the Confidentiality, Integrity and Availability of information, and many people forget the second two. You could be a taxi company taking people to medical appointments or court, where confidentiality matters. You could be a shop fitting company that needs to make sure its plans are correct, where integrity matters. You could be a chemical supplier that needs to ensure its MSDS and COSHH sheets are available to the public, where availability matters. ISO 27001 is relevant in all of these cases.

No. In fact, too much technical knowledge can sometimes blind you. Implementing the standard means combining many skills; an understanding of the technical elements is essential, but you don’t need to be a technical expert.

We must remember that ISO 27001 isn’t just an IT standard: it is as relevant to you if you use quill pens and parchment as it is if you use the cloud. Also, not everyone is at the cutting edge of technology. Rewriting the standard so that it only covered the latest developments would not only date it very quickly, it would also limit its applicability.

Possibly, but ISO is instead going down the route of publishing additional standards and codes of practice alongside ISO 27001, such as ISO 27017 (cloud services), ISO 27018 (personal data in public clouds) and ISO 27701 (privacy information management). These give it the flexibility to offer additional controls for specific sectors or industries without turning the core standard into a monster that becomes unworkable for smaller organisations.

What you find is that many standards and requirements cover similar but not identical ground. Many of the DFARS headings (which draw on the NIST SP 800-171 control families) and the ISO 27001 clauses are very similar, but ISO 27001 tends to be broader, covering additional areas.

Explain, communicate, train but most important is Leadership.

Absolutely. ISO 27001 and ISO 9001 share the same Annex SL high-level structure and are designed to be integrated, so a single set of policies, processes and audits can serve both. You can save time and money with an integrated management system.

Contact the ISOQAR sales team and they can point you towards further information if you want to implement the standard yourself. You can also attend an ISO 27001 training course. We often recommend getting support from an independent consultant listed on the ISOQAR Associate Network.

Ask for a quote from the sales team at ISOQAR. In the long term it should save you money. If it doesn’t, chances are you’ve done it wrong!

Make sure your certificate is UKAS accredited

Not all certificates are equal. You need to make sure your certificate is issued by a body that has been accredited by the government-recognised United Kingdom Accreditation Service (UKAS).

A UKAS accredited certification body like ISOQAR undergoes regular, rigorous inspections by UKAS to check that we are operating to the highest standards.

This means that when you hold a certificate from a UKAS accredited body, you can be sure it carries more weight. Certificates issued by bodies which are not UKAS accredited are often not accepted by customers, tenders or regulators.

UKAS accredited certificates are accepted across the world, through the mutual-recognition arrangements between national accreditation bodies, as evidence that you meet global standards of best practice.

Ready to go? Start your journey with Alcumus ISOQAR today

Choose a phone call or an email quote, whichever format suits you and your business.