Help | Contact

+442071831245

|

hello@projectfusion.com

Try Now For FREE

ISO 27001 beginners guide – 5 key steps

Many businesses are now preparing or considering getting ISO27001 accredited, and it’s something you really should consider implementing if you host any kind of remotely sensitive information. This is the first in a short series of posts  – an ISO 27001 and Information Security beginners guide.

What is ISO 27001 certification

An ISO 27001 certification means that a regulated 3rd party auditor comes into your business, looks at your Information Security processes, people and records, and certifies you as compliant with the ISO 27001 standard (or not!).
The standard documents a huge array of security measures – you decide which ones are applicable to your business.

5 key steps for an IT business

If you’re preparing for ISO 27001 at some point, here are some key things that an IT related business can start doing to be prepared. These 5 steps greatly improve what the experts call your security ‘stance’.
Maintain a risk register – a prioritised list of risks that you are either mitigating or accepting. This must be updated regularly as new risks arrive.
Security screen your staff – this includes the obvious stuff like CRB, reference and ID Checks – but you’d be surprised how many folk don’t do this.
Log EVERYTHING! So record pretty much everything you do related to security. Log security related meetings that you have had (even for just 2 people), log training sessions, log security incidents. This all helps the auditor get a feel that you are doing what you say you do.
Screen suppliers – making sure all suppliers are secure too (our select few suppliers are iso27001 and government accredited)
Secure development – Make sure your developers are following good secure development principles
if you’d like some help getting started with ISO 27001, do feel free to get in touch, I’d be happy to give you some pointers. It took us about 6 months to get certified, and if you’re looking at doing this, do it soon – it’s easier when you’re small and growing.
This is the first in a series of posts about ISO27001, future topics include the 2 types of certification, risk treatment, choosing an advisor, common terms, and some example templates. Let me know if there’s anything you’d like to see!

Related Stories

Subscribe for updates

Get the latest data and security incidents straight to your inbox with our weekly newsletter

Follow Us

Twitter Facebook-square Linkedin
Solutions
Resources
Company
We’re ISO27001 accredited…
We’re also fully GDPR compliant…
We’re also Cyber Essentials certified too!
We give 1% of turnover to charity!
Leave us a review!
  • 2024 OD Consultancy Ltd. All rights reserved
Facebook-square Linkedin

Simply enter your name & email address and we’ll we’ll provide you with early access!

Get instant access to pricing,  checklists, and a free trial!

No Credit Card Required

For more info, see our Privacy Policy.