Information Security

ISO 27001 Certification Consultants

With prospective clients looking now more than ever for partners with whom they can confidently share their business data, ISO 27001 Certification helps businesses to demonstrate that information security is critical to the way they work.

The need to protect your data, reduce risk, secure systems and maintain continuity of service are some of the key aspects covered by ISO 27001 Certification. It's the fastest growing management system and is being adopted by businesses worldwide - with information security on the conscience of businesses and consumers, it will continue to grow in demand and importance.

An Information Security Management System takes some effort to implement but with the help of experienced and knowledgeable ISO Consultants the areas that are often problematic can be overcome.

Whether you are in charities, healthcare, print, professional services, transport, marketing, technology or any other sector, 2SB are experienced ISO 27001 Consultants and will help guide you to certification.

Strategic Benefits of ISO

  • Ensure compliance with the Data Protection Act, GDPR and other legislation
  • Reduce the likelihood of fines and prosecution from information security risks

Business Benefits of 27001

  • Control your business data through improved information management
  • Prevent staff related incidents, loss of data and improve business continuity

Customer Benefits of ISO

  • Customers feel assured their data is being protected by your business
  • Help customers meet their own information security responsibilities

Our approach

Consultation – initial fact finding conversation on the phone or in person to understand more about your business

Proposal – when we understand what your needs are, we will produce a proposal that outlines the support required to get you certification

Implementation – once the proposal is approved, implementation can begin. We will work with you over a series of onsite and offsite days to prepare your management system for the audit

External audit – you will be visited twice by an external certification body who will test your system and award you the ISO certificate

Ongoing support – we want to build lasting relationships and help you constantly improve your business. We have extensive experience working in SMEs across industry sectors and take a pragmatic approach to providing sound business advice

Key features

  • Context and planning – understanding the internal and external security issues that can impact your business
  • Risk – analysing the key risks to your business and how you will treat them
  • Objectives and Opportunity – defining what you will do to drive the business forwards
  • Leadership – ensuring that management are committed to quality and system improvement
  • Training – reviewing the competence of staff & their training needs
  • Performance review/internal audit – are you delivering your products and services in the way you have planned to?
  • Human resource security – recruitment, training and awareness
  • Asset management – acceptable use, labelling of information and disposal
  • Access control – user registration and deregistration, control of passwords, secure logon procedures
  • Operations security – change management, event logs and technical vulnerabilities
  • Communications security – network security, transfer of information
  • Secure development – secure development policy, systems security testing
  • Management of suppliers – control and monitoring of supply chain
  • Business Continuity – BCP plans and tests
  • Information security incident control – procedures and responsibilities

Certification strategy

For more information on how certification works, read our simple demystification guide


Meet a Consultant

Grant Gray
Management Systems Consultant

Frequently asked question

How does the certification process work? How do I get certification?

Firstly, you will need to have implemented, or be in the process of implementing, the specific management system you are hoping to achieve certification against.

You don’t need to have fully implemented the system before contacting the certification bodies; however, having made a start or knowing how far you have to go can help set a date to aim for.

Once you have in mind a date that you feel is realistic to work towards, the next step is to contact one or more certification bodies to ask for quotes. You will be required to provide information about your business (i.e. nature of your work, number of employees and the roles they do, number of sites) so the certification body can make a good approximation of how many days it will take an assessor to audit your business.

We recommend contacting at least two certification bodies since the price and number of days they expect the audit to take can vary. 2SB recommend that you always approach UKAS accredited certification bodies, as these certificates carry much more weight and you can be assured that your business is being correctly assessed.

Based upon the quotes received, you will need to decide the most appropriate body to certify with and set a date for your Stage 1 and Stage 2 audits.
