Are you a cloud-based business looking for ISO-27001 certification Are you curious about the process and the benefits? And whether or not it is worth the effort.
ISO 27001 certification Australia is worth it because it gives you a competitive advantage. It shows that your company is serious about information security and that you have implemented best practices. This can help you win new business and keep existing clients. It can also help you attract and retain top talent.
While there are many articles about ISO-27001 that have been written by compliance and security consultant firms, it isn’t clear what the process looks like for an organization.
This was something we noticed was missing in our research. We thought, why not share our first-hand account?
This blog post addresses the main questions that we asked before making a final decision.
How much time does it take to be ISO-27001-certified?
This was a difficult question to answer online. We now know why. It really depends on what your company does. Everything was available for reading from a few months up to a year. It took us 18 years.
A few factors pushed the process further:
• We have a small team and didn’t have a dedicated person who worked on this full time. Our IT and Security departments focused on ISO rather than BAU.
• We also made the decision to comply with every control as described in Annex A. This included things that we didn’t consider risks. This was a decision to be fully thorough and to follow best practices. Some companies might not want to do this.
Does ISO-27001 certification save time, energy, and money?
Being ISO 27001-certified was an investment that paid off for us. This was a smart business decision for many reasons, even though there were contracts that were dependent upon our eventual certification.
Our business benefits include:
• Our organization must have a strong security culture
• We are living and breathing our vision of becoming the best people presence management system on the market.
• Our brand is now the preferred choice of enterprise-level organisations.
• There are potential cost savings that can be realized by having an effective information security management program.
How much maintenance do you need to keep ISO-27001 certified?
ISO-27001 requires constant management and maintenance. We have heard it said that ISO is a lifestyle.
ISO 27001 Certification Retention includes:
• An annual surveillance audit ensures that you’re in control of all areas of concern.
• You will need to undergo a major re-audit every three years to determine your eligibility for certification.
• You will also need to review other reports and documentation bi-monthly.
• ISO-27001 certification might not be required if you serve small businesses (who are generally less discerning than larger organizations).
Our advice for any organization going through the certification procedure:
It is important to bring everyone along on this journey. This is a cultural shift that requires everyone to understand why it is important and what it is like.
It is important to ensure you have sufficient people to perform the required roles. Our leadership team is small so it was not possible to fulfill all the requirements.
It is important to have someone who can drive and own this process. This was our CEO. He was a committed individual who gave his all to make this happen. This was his sole focus.
