ISO 27001 Information Security Management (ISM) Certification

ISO 27001 Certification Consultants help implement ISM

In the modern world a robust information security management system (ISMS) is essential to maintain the integrity of your data, limit breaches and avoid legal complications. With prospective clients looking for partners with whom they can confidently share their personal and business data, an ISO 27001 Information Security Certification helps your organisation demonstrate that information security is integrated into your operational practices.

ISO 27001 Information Security Management (ISM) takes a deep look into how your company manages data, how data is accessed through onsite and offsite interactions, who benefits from this access and what systems are in place to ensure it's maintained and safe from unwanted attention. The need to protect your digital and physical data, reduce risk, secure information systems and maintain continuity of service are cornerstones of the ISO 27001 Certification, which will place stakeholders' minds at ease that their data is in good hands.

ISO 27001 is one of the fastest growing management systems and is being adopted by businesses worldwide. Obtaining UKAS accredited certification will help your business to win and retain a client's confidence. Many industries gain significantly from the Information Security Standard, including charities, healthcare, print, professional services, transport, marketing and technology. This is an ever growing list as it's not a standard that is specific to one industry.

As an established London, Kent and Sussex based ISO Consultancy, 2SB have highly skilled ISO 27001 Consultants making us one of the best in the business. This allows us to tackle even the most challenging ISO 27001 Certifications and ensure we retain our 100% success rate. We work out of our offices in Kent and cover Sussex and London. Speak to us today about a competitive rate to simplify your certification.

Strategy of ISO 27001

  • Ensure compliance to the Data Protection Act, GDPR and other legislation
  • Reduce the likelihood of fines and prosecution from information security risks
  • ISO 27001 Information Security provides an infosec competitive edge

Benefits of ISO 27001

  • Control your business data through improved information security management
  • Prevent staff related incidents, loss of data and improve business continuity
  • ISO 27001 Consultants help reduce the need for lengthy information security tender documents

Customer Benefits

  • ISO 27001 allows customers to help meet their own information security responsibilities
  • Customers feel assured that their information is secure within your business
  • An ISO 27001 certification builds trust in customers seeking responsible suppliers

Our approach

Consultation – initial fact finding conversation on the phone or in person to understand more about your business

Proposal – when we understand what your needs are, we will produce a proposal that outlines the support required to get you certification

Implementation – once the proposal is approved, implementation can begin. We will work with you over a series of onsite and offsite days to prepare your management system for the audit

External audit – you will be visited twice by an external certification body who will test your system and award you the ISO certificate

Ongoing support – we want to build lasting relationships and help you constantly improve your business. We have extensive experience working in SMEs across industry sectors and take a pragmatic approach to providing sound business advice

Key features

  • Context and planning – understanding the internal and external security issues that can impact your business
  • Risk – analysing the key risks to your business and how you will treat them
  • Objectives and Opportunity – defining what you will do to drive the business forwards
  • Leadership – ensuring that management are committed to quality and system improvement
  • Training – reviewing the competence of staff & their training needs
  • Performance review/internal audit – are you delivering your products and services in the way you have planned to
  • Human resource security – recruitment, training and awareness
  • Asset management – acceptable use, labelling of information and disposal
  • Access control – user registration and deregistration, control of passwords, secure logon procedures
  • Operations security – change management, event logs and technical vulnerabilities
  • Communications security – network security, transfer of information
  • Secure development – secure development policy, systems security testing
  • Management of suppliers – control and monitoring of supply chain
  • Business Continuity – BCP plans and tests
  • Information security incident control – procedures and responsibilities

Certification strategy

For more information on how certification works, read our simple demystification guide

Meet a Consultant

Jon Passmore
Management Systems Consultant & Director

Frequently asked question

How does the certification process work? How do I get certification?

Firstly you will need to have implemented or be in the process of implementing the specific management system you are hoping to achieve certification against.

You don’t need to have fully implemented the system before contacting the certification bodies; however, having made a start or knowing how far you have to go can help set a date to aim for.

Once you have in mind a date that you feel is realistic to work towards, the next step is to contact one or more certification bodies to ask for quotes. You will be required to provide information about your business (i.e. nature of your work, number of employees and the roles they do, number of sites) so the certification body can make a good approximation of how many days it will take an assessor to audit your business.

We recommend contacting at least two certification bodies since the price and number of days they expect the audit to take can vary. 2SB recommend that you always approach UKAS accredited certification bodies, as these certificates carry much more weight and you can be assured that your business is being correctly assessed.

Based upon the quotes received, you will need to decide the most appropriate body to certify with and set a date for your Stage 1 and Stage 2 audits.
