What is ISO 27001? An easy-to-understand explanation

ISO 27001 is the internationally recognised Information Security Management System Standard that will help your organisation meet contractual requirements.  

Safeguarding information and data is not only important but also a legal requirement for many businesses. To gain ISO 27001 certification, you must demonstrate that you have identified and assessed the potential security risks to confidential information and data. Your organisation must also show that it has taken steps to reduce these risks and that its security controls work properly.

An ISO 27001 audit is based on a 3-year cycle, and you can get certified with a UKAS accredited organisation such as Centre for Assessment. 

How can ISO 27001 benefit an organisation?

Compliance with ISO 27001 can have a range of benefits for an organisation, including:

  • Win more business 
  • Develop trust and credibility 
  • Improve the organisation’s security culture 
  • Review and improve the strength of your security measures 
  • Give your customers reassurance that their data is safe 
  • Reduce costs associated with information mismanagement 
  • Comply with international legal obligations including GDPR 
  • Provide a competitive advantage for your organisation

Is ISO 27001 right for you?

With cyber-attacks becoming increasingly advanced, it is no surprise that the number of organisations undertaking ISO 27001 certification is growing. The certification is a must, not a want, for organisations that are technology-intensive or reliant on data, and it is strongly recommended for any organisation that holds data in another form.

It is most popular amongst healthcare providers, educational establishments, local authorities and other public bodies, which can rest assured that their information is protected. For organisations that provide services to the NHS, ISO 27001 is increasingly considered a key standard, particularly where sensitive health and patient data is handled.

How much does it cost? 

Here at Centre for Assessment, we believe that value is paramount, but we also feel that affordability is just as important. We pride ourselves on the quality of our certification audits but appreciate that, for our clients, cost is a big factor.

If you are interested in becoming certified to the standard, our Business Development team will contact you to discuss a tailored, no-obligation proposal. Within the proposal, we consider factors such as the number of staff the organisation employs and the complexity of the business.

A Breakdown of the Certification and Audit Process:

Step 1: Develop and implement your Management System

You may choose to hire a consultant to help you design and implement your Information Security Management System. Centre for Assessment does not offer a consultancy service but can provide you with a list of our independent associates. You could also opt to use Centre for Assessment for a pre-assessment service. Alternatively, you may choose to move forward without seeking external support.

Step 2: Apply 

Apply online to receive a no-obligation audit proposal for your organisation. If you don't have time to complete this, give us a call and a member of our Business Development team will be happy to help you. 

Step 3: Plan  

You will be allocated a specialist, experienced auditor who will contact you to introduce themselves, discuss arrangements and book dates for your audit. 

Step 4: Audit Stage 1 

The Stage One audit involves a review of the documents relating to your Information Security Management System. Stage One also assesses your readiness to move on to Stage Two.

Step 5: Audit Stage 2 

The Stage Two audit looks at the effectiveness of your Information Security Management System, ensuring it is successfully implemented and fully operational.

Step 6: Certification 

Following a technical review by a decision-maker, you will be issued a certificate that is valid for three years. You can advertise the fact that you are certified to the Standard and use the ISO 27001 logo on your website. 

Step 7: Annual Audit 

At 12 and 24 months, surveillance audits will be carried out to confirm that you remain compliant with ISO 27001.
