Implementing ISO/IEC 27001 Information Security Management

Secure your valuable information assets by applying ISO/IEC 27001 to your business. Work with us to build an information security management system (ISMS) designed for your specific needs. 


Are you ready for implementation?

Each business has a unique set of data to manage and equally unique security risks to manage. And each organization is at a different stage with their information security management. That’s why we offer customized packages to help you put information security first. An ISO/IEC 27001 package can include only the products and services that your business needs.

We can help you to cut the cost of unnecessary products or services, and overcome the particular challenges you face. We’ll help you shape an ISO/IEC 27001 Project Plan with the systems you already have in place. And we’ll make sure that security quickly becomes paramount to the way you operate, whatever stage you’re at. 


Top tips for implementing ISO/IEC 27001

  1. Get commitment and support from senior management.
  2. Engage the whole business with good internal communication.
  3. Compare existing information security management with ISO/IEC 27001 requirements.
  4. Get customer and supplier feedback on current information security.
  5. Establish an implementation team to get the best results.
  6. Map out and share roles, responsibilities and timescales.
  7. Adapt the basic principles of the ISO/IEC 27001 standard to your business.
  8. Motivate staff involvement with training and incentives.
  9. Share ISO/IEC 27001 knowledge and encourage staff to train as internal auditors.
  10. Regularly review your ISO/IEC 27001 system to make sure you are continually improving it.  


How to get certified to ISO/IEC 20000-1

ISO/IEC 2000-1 Service Management system certification should be hassle-free. You’ll be appointed a BSI Client Manager, a trusted expert with relevant industry experience to your business, who can guide you through the process.

The steps to ISO/IEC 20000-1 certification:

1. ISO/IEC 20000-1 gap analysis

An optional service which takes place before your assessment visits. We’ll take a closer look at your existing information security management system and compare it with the requirements of the ISO/IEC 20000-1 standard. It’s a really cost effective way to check if there are any areas you need to work on before we carry out a formal assessment.

2. Formal assessment

A two-stage process. First your BSI Client Manager will review your organization’s readiness for assessment by checking if the necessary ISO/IEC 20000-1 procedures and controls have been developed in your organization. We will share the details of our findings with you so that if we find gaps, you can close them. Next, if all the requirements are in place, we’ll assess the implementation of the procedures and controls within your organization to make sure that they are working effectively as required for certification of ISO/IEC 20000-1. 

3. Certification and beyond

When you achieve certification you’ll receive your BSI ISO/IEC 20000-1 certificate which is valid for three years. Your BSI Client Manager will visit you regularly to make sure your system doesn’t just remain compliant, but it continually improves and adds value to your organization.