ISO/IEC 27001
International Organization for Standardization / International Electrotechnical Commission
Achieving ISO/IEC 27001 certification is a rigorous process, but it can improve profitability and cost control, strengthen your competitive position, and reduce the risk carried by your existing customer and vendor relationships. Certification is not performed by an accreditation body: an independent certification body, itself accredited (in the US, typically by the ANSI National Accreditation Board, ANAB), audits how you establish, implement, operate, monitor, maintain and continually improve the information security management system (ISMS) that protects your sensitive information.
Requirements
Auditor required to apply?
Yes. The audit is performed by an independent, accredited certification body. In the US the accreditor is typically ANAB; certification bodies accredited by other IAF-member accreditation bodies are also recognized.
Federal, state, or industry requirement?
No. Certification is voluntary, although customers frequently make it a contractual condition.
Why Seek ISO/IEC 27001?
- Show customers you’re proactive about security threats.
- Gain access to global markets where customers expect or require ISO/IEC 27001 certification as a condition of doing business.
- Compete better internationally.
- Reduce the volume of bespoke security questionnaires and customer audits for each new client, since many will accept the certificate in their place.
A Typical ISO/IEC 27001 Engagement
An ISO/IEC 27001 certificate runs on a three-year cycle: after the initial certification audit, the certification body performs a surveillance audit in each of the following two years to keep the certificate valid, then a full recertification audit in year three.
Timeline: 3-6 months, depending on the certification body’s schedule.
Day 0
Project initiation and kickoff
Day 1
Begin creating policies and processes
Day 30
Supply 33% of policies and procedures
Day 45
Conduct risk assessment
Day 60
Supply 66% of policies and procedures
Conduct internal audit
Day 75
Conduct incident response exercise
Day 90
Supply 100% of policies and procedures
Start onsite audit support
Day 120
Finish audit support
Day 140
Respond to auditor draft report
Day 150
Receive ISO 27001 certification
Let’s get you on the right track.
Fill out the form to talk to a Neutral Partners expert about ISO/IEC 27001, and we’ll be in touch as soon as possible.