Your organisation probably has policies in place for keeping information safe and ensuring you comply with legislation. ISO 27001 will bring your policies together into a single, structured system, helping you mitigate the risks associated with data breaches and mismanagement.
As the internationally recognised standard for Information Security Management Systems, ISO 27001 will reassure you and your stakeholders that you are committed to protecting every form of data.
We can help your organisation achieve ISO 27001 through a compliance audit, ensuring the information you hold is safe, secure and properly managed.
Safeguarding information assets and personal data makes sound business sense but is also a legal and regulatory obligation. The Information Commissioner's Office specifically mentions ISO 27001 certification as a consideration in establishing whether an organisation has taken ‘reasonable steps’ in protecting personal data under GDPR.
With increasingly sophisticated cyber-attacks and high-profile data leaks, it is no wonder that the number of organisations achieving certification to ISO 27001 is growing year on year.
Centre for Assessment is a respected, client-focused and ethical UKAS-accredited certification body with years of experience auditing organisations like yours against the ISO 27001 Standard.
Centre for Assessment believes that value is extremely important but also understands that cost is a key factor for organisations considering an ISO 27001 audit. We pride ourselves on the quality of our certification services but are also keen to offer highly competitive prices for your business.
Many of the benefits of implementing an Information Security Management System are common sense. Auditing your System to ensure it meets the requirements of the international framework – ISO 27001 – can have an extremely positive impact on your organisation.
An ISO 27001 audit with Centre for Assessment may help you to:
✔ win more business;
✔ develop trust and credibility;
✔ improve the culture of security in your organisation;
✔ review and improve the strength of your security measures;
✔ give your customers reassurance that their data is safe;
✔ reduce costs associated with information mismanagement;
✔ comply with international legal obligations and regulations, including GDPR;
✔ provide a competitive advantage for your company.
You may find the idea of an ISO 27001 audit daunting. Centre for Assessment is committed to supporting you to ensure your audit is painless and successful, adding value to your organisation and helping you improve your business.
We can provide a gap analysis, internal auditor training and a range of additional, impartial support to help your preparations for audit.
You may also choose to have an integrated audit against multiple ISO Standards, saving costs and unnecessary disruption for your company.
Cyber Essentials Plus can further enhance your management of information security. This is a Government-backed scheme which can complement your ISO 27001 certification.
Initial thoughts: Firstly, you need to establish that ISO 27001 is the right fit for your organisation and, if so, what the scope of certification will be. Centre for Assessment will be happy to help you make these decisions. If you already hold another ISO certification, such as 9001, it may be possible to complete a combined audit if your Management Systems are sufficiently integrated.
Preparation: You may choose to hire a consultant to help you design and implement your Information Security Management System. Centre for Assessment does not offer a consultancy service but can provide you with a list of our independent associates who would be happy to work with you. You could opt to use Centre for Assessment to provide a pre-assessment service. Alternatively, you may choose to move forward without seeking external support – it’s up to you.
Apply: Submit an application form via our website.
Quotation: Your application will be reviewed by a member of our Business Development team, who may need to call you to request further information before providing you with a no-obligation audit proposal.
Accept: Review the proposal sent by Centre for Assessment and, if you are happy, sign and return the document to us.
Make arrangements: You will be allocated a specialist, experienced auditor who will contact you to introduce themselves, discuss arrangements and book dates for your audit.
Audit Stage One: The Stage One audit will involve a review of the documents relating to your Information Security Management System. Stage One also explores your readiness to move on to Stage Two.
Audit Stage Two: The Stage Two audit looks at the effectiveness of your Management System.
Verification: Once the two stages are complete and any findings addressed, your auditor will recommend that Centre for Assessment awards you ISO 27001 certification.
Certification: Following a technical review by a decision-maker, you will be issued a certificate that is valid for three years. You can advertise the fact that you are certified to the Standard and use the ISO 27001 logo on your website and elsewhere.
Annual Audit: At 12 and 24 months following your initial audit, review visits will be completed to ensure you are still compliant with ISO 27001. These will be arranged directly with your auditor.