ISO27001 Advantage: Your Path to easy implementation and certification
You are a small business, eager to grow and thrive in today’s digital landscape, and you know what you offer is amazing. But there’s a roadblock standing in your way: your customers are demanding ISO27001 certification. You know the certification is crucial for gaining trust, staying ahead of the competition and growing your business. However, the process seems complex, time-consuming and overwhelming, and you are not sure where to start.
What if we told you there’s a proven path to achieving ISO27001 certification in just 6 months? Welcome to ISO27001 Advantage, your ticket to unlocking your business’s true potential.
ISO27001 Implementation
We have seen the impact that holding ISO 27001 can have on a business, and how clients increasingly expect the certification from suppliers that have access to their business or personal data. Businesses without ISO27001, or implementing it without expert support, face a number of challenges.
The Loss of Clients and Contracts: Without ISO27001 certification, your business may miss out on lucrative business opportunities, as clients and potential partners increasingly prioritise information security. You may lose contracts or fail to attract clients who, increasingly, require proof of compliance.
Data Breaches and Security Incidents: Without proper information security measures and ISO27001 implementation, your business becomes more vulnerable to data breaches, cyberattacks, and security incidents. This exposes your business to potential legal and financial liabilities, damage to your reputation, and loss of customer trust.
Regulatory Penalties and Fines: Non-compliance with industry regulations and data protection laws can result in significant penalties and fines. Your business may face legal repercussions, harming your financial stability and diverting resources that could have been invested in growth and development.
Resource Drain: The absence of a structured ISO27001 implementation programme leads to inefficiencies and additional costs. Your business may struggle with ad-hoc approaches, trial and error, and the need to dedicate significant time and resources to navigate the complexities of certification on your own.
Competitive Disadvantage due to Lowered Market Positioning: Competitors who have achieved ISO27001 certification can leverage their compliance as a competitive advantage, positioning themselves as more reliable and secure options for clients. Your business may face difficulties in differentiating itself from competitors and attracting new clients as a result.
Increased Workload and Stress: The absence of a guided ISO27001 implementation programme places a heavy burden on your business team. They may struggle with understanding and meeting the requirements, leading to increased stress, burnout, and diminished employee morale.
Work-Life Imbalance: The extra workload and frustrations stemming from the lack of a supportive implementation programme can spill over into personal lives. Business owners, managers, and employees may experience increased stress, strained relationships, and a diminished quality of life outside of work.
Say Goodbye to Overwhelm and Hello to Confidence
Overwhelm and Uncertainty – We understand the challenges you face, from lacking the expertise to navigate ISO 27001 requirements to feeling lost in a sea of information overload. Our experts are on hand to guide and advise on certification for your business.
Limited Resources and Time Constraints – As a small business, resources are precious, and time is of the essence. We know that the thought of allocating dedicated personnel and extensive hours to ISO 27001 implementation can feel daunting, so we help reduce the time it takes to achieve certification.
Lack of In-House Expertise – Trying to tackle ISO 27001 without the necessary knowledge and expertise can be like walking in the dark. We are your expert guiding hand, ready to show you the best way and ensure you meet the certification requirements first time.
How our ISO27001 Implementation Programme Works
Our comprehensive ISO27001 Implementation Programme is specifically designed to make the process of achieving ISO27001 certification easier and more manageable for your business. It is led by ISO 27001 experts who have helped many organisations to ISO success.
Here’s how our programme will simplify the journey and provide you with the necessary support:
Clear Roadmap and Guidance: We provide you with a structured roadmap that outlines the step-by-step process of implementing ISO27001 within your business. Our expert guidance ensures that you have a clear understanding of each phase, allowing you to progress smoothly and confidently, and to your timescale.
Template Documents and Resources: As part of the programme, you will have access to a comprehensive set of documents, policies, and procedures. These resources have been implemented in a number of businesses that have achieved certification and serve as a starting point. The documents can be customised to suit your specific business needs, saving you time and effort in creating everything from scratch.
Weekly Accountability Calls: Our programme includes weekly accountability calls where you can connect with our team of experts. These calls provide an opportunity for you to ask questions, seek guidance, and discuss any challenges you may encounter. The regular check-ins keep you motivated, accountable, and on track towards your certification goal.
Internal Audits: You will need a full suite of internal audits to be able to progress to certification. Our internal audit team will undertake the audits to ensure that your ISMS (Information Security Management System) meets the required levels for certification and may suggest improvements to make your ISMS more effective.
Risk Management Meetings: We assist you in conducting risk assessments, which are a critical component of ISO27001 compliance. Our experts will guide you through the process, helping you identify vulnerabilities, assess risks, and implement necessary controls to enhance your information security practices.
Management Review Meetings: Our programme includes two Management Review meetings to ensure ongoing compliance with ISO27001 standards. These meetings provide an opportunity for you to review progress, discuss improvements, and demonstrate your commitment to maintaining information security within your business.
Ongoing Support and Expert Advice: Throughout the programme, and for 3 months beyond the end of the 6-month programme, our team of experts is available to provide ongoing support and advice. We understand that certification is just the beginning, and we are committed to helping you sustain and continuously improve your information security practices in the long run.
By joining our ISO27001 Implementation Programme, you will have a clear roadmap, access to tried and tested documents, regular accountability calls, assistance with internal audits and risk management, management review meetings, and ongoing support. These elements combine to make the certification process easier and more attainable for your business, empowering you to achieve ISO27001 certification with confidence and efficiency.
Testimonials
“Lesley Cooley has proved to be an invaluable asset to our company in the ISO27001 process. Her knowledge and ability to understand the needs of the business were paramount to us achieving certification. She was there throughout the whole process to provide guidance and support and certainly helped to engage and energise all of our staff throughout the process.”
“Lesley, you have honestly been such a wonderful part of the team, and will forever have an important part in our story”
“We appointed Lesley to help us on our compliance journey after searching for some time for a qualified advisor who truly understood the complex nature of our data landscape. Lesley has demystified and broken down the requirements and her pragmatic and grounded approach has put us well on track to hit the compliance deadline. I would recommend Lesley to any small or medium sized organisation seeking an experienced and practical consultant.”
Frequently Asked Questions
We cannot certify you, so you will need to select a certification body to check that you have implemented ISO27001. This involves 2 audits. The first, called a Stage 1 audit, reviews how well you comply with the standard; at this audit you are generally not expected to have everything in place. Then there is a Stage 2 audit, where you will receive your certification if successful. For the Stage 2 audit you need to be meeting the standard required for certification. If you do not meet the standard at the Stage 2 audit, you may be given a short period of time, 2-3 weeks, to get the missing elements in place.
Once you have received your certification, you need to continue to undertake the various requirements to meet the standard. One of the key elements of ISO27001 is continuous improvement so you will need to demonstrate that you continue to meet the required standard and improve your ISMS throughout the year. After certification, there will be an annual audit, called surveillance, for two years before your business will be re-certified in year 3.
There are weekly group Zoom calls for the implementation phase. These set out what you need to do each week and can answer any questions you may have. If you are stuck between calls, you can try the frequently asked questions section on the support platform, and if that doesn’t help, you can email the team, who will respond as quickly as possible.
Generally what we find is that a business has good practices in place but hasn’t documented them. That’s where the policies and procedures come in. Most organisations don’t need to make lots of changes to the way they work, just tweak their existing good practice.
The programme is designed to achieve certification in 6 months, but we know that business life can sometimes cause delays, so we provide email support for an additional 3 months, making the support programme 9 months in total.
We have worked with clients who have achieved ISO 27001 in 3 months and others who have taken a year to get it. A lot depends on what you already have in place and whether it already meets the standard required by ISO27001. If the business needs to improve its practices to meet the standard, this can take a lot longer.
ISO27001 Advantage provides the guidance to achieve certification within six months. If you are able to tailor documents and get the evidence to support the certification in place, then you can achieve the certification quicker.
ISO27001 Advantage is a very comprehensive implementation programme, but there will still be things that the in-house team needs to do, including:
- Attending the weekly group Zoom calls to stay on track
- Amending our documents to include specifics about your company
- Selecting a certification body
- Creating a Management Review Committee and attending its meetings
- Creating a Risk Management Committee and attending its meetings
- Attending internal audits
- Providing evidence that the ISMS is working
- Attending training sessions
- Sending out our prepared awareness campaigns
All implementations from June 2023 will be working towards the latest version of ISO27001:2022.
ISO27001:2013 can still be implemented, but you would then need to transition to ISO27001:2022, so we save you a step by helping you implement the 2022 version from the outset.
Why work with us?
Audit & Risk Professionals is a small but perfectly formed team with a variety of skills and experience. Lesley leads the ISO27k implementation programmes and believes in making them easy to understand and undertake. Lesley Cooley has over 25 years’ experience in process improvement combined with 18 years in data protection compliance. Lesley holds the respected ISEB Certificate in Data Protection and is a part-qualified accountant. She is also a Level 5 Institute of Leadership and Management coach and mentor, as well as an Institute of Risk Management qualified Risk Manager. Lesley is also a certified Information Security Management System Lead Auditor, which means that she can audit to the ISO27001 (Information Security) standard. Ian is our cyber security expert and Gordon is our internal auditor (with lots of experience and qualifications). As a small team we can be responsive to your needs.
About me
I am Lesley Cooley and I completely understand the journey a business takes when it decides to undertake ISO 27001. That was me back in 2018. A company I worked for had been told they needed to get ISO 27001 by their largest client. If they didn’t get the certification the client would stop working with them. I had been on the periphery in previous roles but this time I was going to lead the implementation (yikes).
I started to google what ISO 27001 involved and it was really hard to find very much that made sense. I bought the standard and read it – yes, I really did. The standard is written in very formal regulatory language and is designed to be implemented by businesses of all sizes, so it sets out what you need to comply with (admittedly not very clearly). Then I decided to do the Security Auditor course, thinking that if you were to audit to the standard, you’d need to know what it was about. I also passed the certification test at the end of the week (yay). Now I knew what you needed to do. The how was more complicated.
There are compulsory policies required as part of the ISO 27001 standard, and I bought a template pack, thinking that would be easier than starting from scratch. Well, think again. This template pack had 120 different policy templates in it. They were, let’s just say, formally worded and not easy to read or understand. Not my style at all, and 120 policies to review and update was not going to work for my client. So we scrapped that and I did start from scratch, creating a set of policies and procedures to meet the standard which were easy to read and understand. No complicated policies for this client.
My risk management, change management and internal audit background was a huge bonus, and the rest of the team and I worked hard to get all the elements for the certification completed. I recruited the trainer from the Security Auditor course to work for me on a consultancy basis and he did the internal audits. We were ready for certification. A coaching day and trial certification audit were provided to the team, and then it was the day of the certification audit. I only hoped that I had done enough to get them through the certification. We flew through the audit and our certification was granted. The team and I were thrilled.
This was the first of our implementations; since then we have perfected the way we do implementations to make them simple and less time-consuming for clients. The things we learned from the first implementation have made all the others easier. We have refined the team we use so each client gets the support they need, when they need it. We continue to grow our expertise as we support each organisation and understand their specific way of working. We offer practical solutions tailored to your business, reducing the anxiety and wasted time and money that often come with figuring out the right path to take.
Outside of work, you can find me baking up a storm or walking my beloved dog Riley. Walking helps me unwind and often sparks new ideas too.
So in a nutshell, I’m Lesley – plain-talking, thoughtful and dedicated to my clients’ success. My own ISO 27001 journey fuels my passion for making the process easier for others.