Once you have received your certification, you need to continue to undertake the various requirements to meet the standard. One of the key elements of ISO27001 is continuous improvement so you will need to demonstrate that you continue to meet the required standard and improve your ISMS throughout the year. After certification, there will be an annual audit, called surveillance, for two years before your business will be re-certified in year 3.
We cannot certify you so you will need to select a certification body to check that you have implemented Iso27001. This involves 2 audits, the first call a phase 1 audit, where you are reviewed to see how well you comply with the standard. At this audit you are generally not expected to have everything in place. Then there is a Stage 2 audit where you will receive your certification if successful. For the stage 2 audit you need to be meeting the standard required for [...]
Generally what we find is that a business has good practices in place but hasn't documented them. That's where the policies and procedures come into place. Most organisations don't need to make lots of changes to the way they work, just tweaking their good practice.
ISO27001 Advantage is a very comprehensive implementation programme but there will still need to be things that the in-house team will need to do including: Attending the weekly group Zoom Calls to stay on track Amend our documents to include specifics about your company Select a certification body Creating a Management Review Committee and attending meetings Creating a Risk Management Committee and attending meetings Attending Internal Audits Providing evidence that the ISMS is working Attending training sessions Sending out our prepared Awareness Campaigns
There are weekly group zoom calls for the implementation phase. These set out what you need to do each week and can answer any questions you may have. If you are stuck between calls, you can try the frequently asked questions section on the support platform and if that doesn't help, then you can email the team who will respond as quickly as possible.
The programme is designed to achieve certification in 6 months, but we know that business life can sometimes cause delays so we provide email support for an additional 3 months. Making a support programme which lasts 9 months.
All implementations from June 2023 will be working towards the latest version of ISO27001:2022. ISO27001:2013 is still available to be implemented but then you would need to convert it to ISO27001:2022 so we are saving you a step by helping to implement 2022.
We have worked with Clients who have achieved ISO 27001 in 3 months and others who have taken a year to get it. A lot depends on what you already have in place and whether this already meets the standard required by ISO27001. If the business needs to improve its practices to meet the standard this can take a lot longer. ISO27001 Advantage provides the guidance to achieve certification within six months. If you are able to tailor documents and get the evidence to support the [...]