Information Security Management Systems
(ISO 27001)
Why ISO 27001?
As we are far too aware, data breaches and cyber attacks are on the rise, continuing to disrupt UK businesses of all shapes and sizes.
ISO 27001 is an internationally recognized standard for Information Security Management Systems (ISMS), designed to keep your business both safe from cyber attacks and also compliant with the ever growing list of legislation.
- Protect data: from cyber attacks and other risks
- Win more contracts: ISO 27001 is now a requirement for many frameworks
- Improve customer confidence: with a globally recognised standard you send the signal that you take cyber security seriously
- Stay compliant: with GDPR and the ever growing list of legislation
Our Services
At LH Consultancy Services, we make obtaining and maintaining ISO 27001 straightforward for small and medium sized businesses. Our services related to ISO 27001 include:
- Gap Analysis: identify any gaps in your current documentation and what work needs to be done to ensure you are ready for ISO 27001 certification
- Implementation Support: we can build your Information Security Management System from scratch, including bespoke policies, procedures and documentation
- Internal Auditing & Assessment Preparation: make sure you are ready for your external assessment with thorough internal audits and assessment preparation
- Maintenance Packages: after you have become certified we can help you maintain your certification annually so that you can get on with what you do best
Ready to protect your business from cyber threats and win more contracts?
Based in North Wales, we provide a range of ISO 27001 consultancy services for businesses and individuals across the UK including in major cities such as London, Birmingham, Liverpool, Wrexham, Chester, Bangor and Manchester.
Frequently Asked Questions (FAQs)
ISO 27001 is an international standard for information security management systems (ISMS). It helps businesses improve both cyber and physical security, deliver consistent quality, and increase customer satisfaction. Certification shows customers and suppliers that your business meets an internationally recognised standard.
Yes. ISO 27001 is designed to work for organisations of any size from a sole trader up to a global company. The standard is flexible and so focuses upon how you operate rather than unnecessary bureaucracy.
For most businesses, ISO 27001 certification typically takes anywhere from 3 to 6 months to achieve.
The length of time can vary depending upon several factors: your current processes, business size, business complexity and how quickly documentation can be implemented.
We will tailor the approach to your certification so that disruption is minimised.
It is not mandatory to have an ISO consultant, but it can save you significant time and internal resource. Some of the benefits of having an ISO consultant include: (1) they have a wealth of experience in implementing and maintaining ISO certification; (2) they can explain the ISO standards in simple terms, avoiding complexity; (3) they can guide you through the entire process from start to finish.
The total cost of certification depends upon:
- The level of consultancy support required (if you use one)
- Certification body fees
- Business size and complexity
No. ISO 27001 should not require lots of paperwork, especially when it is implemented correctly.
First and foremost, it should work for your business not against it.
An ISO management system is an interface between the ISO standard (in this case ISO 27001) and your business operations. Therefore, it should cause minimal disruption.
An ISO certification audit is usually carried out in two separate parts:
- Stage 1: review of documentation.
- Stage 2: assessment of how processes work in practice.
There is almost always a gap between the two stages.
ISO 27001 certification lasts three years, with annual surveillance audits to ensure that you are maintaining compliance. Once our clients are certified we usually help them on an annual basis to prepare for the surveillance audit. This will involve carrying out internal audits, conducting management review meetings and sitting on your ISO assessment.
