Show me desktop version

Go it alone

Because you have to create each document yourself, and try to figure out every step yourself, this is definitely the most labor- and time-intensive method. Lots of organizations try this first, but only a very few actually manage to become certified. Oftentimes, after several months (or even years) have gone by, these organizations find that they wasted countless hours and large sums of money without any results.

 

SHOW ME THE MATRIX

Bring in a consultant

It’s true that a consultant can lead you through the whole process, but after that comes a huge bill. But, if money isn’t a concern and you want to go this route, be sure and use our ISO 27001 / ISO 22301 consultant checklist to fully vet the consultant you select (consultants’ knowledge and experience can vary greatly).

 

SHOW ME THE MATRIX

Do it yourself with professional guidance

Do it yourself with professional guidance – This is the way 27001Academy does things. We give you everything you need: documentation templates, professional advice, online tutorials, and expert guidance. This way, you can get your ISO 27001 and/or ISO 22301 certification.

 

SHOW ME THE MATRIX

Examine Your Options

In this step, you’ll look at each of your implementation choices. You basically have three ways for your business to become certified in ISO 27001 or ISO 22301:

  • Go it alone – Because you have to create each document yourself, and try to figure out every step yourself, this is definitely the most labor- and time-intensive method. Lots of organizations try this first, but only a very few actually manage to become certified. Oftentimes, after several months (or even years) have gone by, these organizations find that they wasted countless hours and large sums of money without any results.
  • Bring in a consultant – It’s true that a consultant can lead you through the whole process, but after that comes a huge bill. But, if money isn’t a concern and you want to go this route, be sure and use our ISO 27001 / ISO 22301 consultant checklist to fully vet the consultant you select(consultants’ knowledge and experience can vary greatly).
  • Do it yourself with professional guidance – This is the way 27001Academy does things. We give you everything you need: documentation templates, professional advice, online tutorials, and expert guidance. This way, you can get your ISO 27001 and/or ISO 22301 certification without a consultant.

Free ISO 27001 / ISO 22301 Consultation

We have ISO 27001 & ISO 22301 consultants ready to talk to you about where your organization is and what actions to take next. We know how complicated things can get, and we’re here to provide guidance you can rely on.

Find more information and support in our ISO 27001 & ISO 22301 Blog

Business Continuity Management vs. Information Security vs. IT Disaster Recovery

For outsiders, it’s not easy to distinguish among the specific purposes of Business Continuity Management (BCM), Information Security (IS), and IT Disaster Recovery (IT DR). All three areas have something to do with “security,” “losses,” “disasters,” and “protection.” Read on to learn more about the particular roles of disciplines often ...Read more

Aligning information security with the strategic direction of a company according to ISO 27001

There is one requirement of ISO 27001 that is very rarely mentioned, and yet it is probably crucial for the long-term “survival” of an Information Security Management System (ISMS) in a company: this is the requirement from clause 5.1 that says that top management needs to ensure that the information security ...Read more

How to manage the security of network services according to ISO 27001 A.13.1.2

Everybody knows that information is stored in information systems (workstations, laptops, smartphones, etc.), but to exchange the information via a network is necessary. Most of the information systems in this world are connected to the same main network – Internet – and, without this network, our society would look pretty ...Read more

How to identify ISMS requirements of interested parties in ISO 27001

“If you do not know where you’re going, you’re unlikely to end there.” This saying from the title character in the movie Forrest Gump describes perfectly why many projects fail: lack of clear requirements. Definition of requirements is so important that, since 2012, all published ISO management systems standards, including ...Read more

EU GDPR controller vs. processor – What are the differences?

One of the questions that raised the most doubts in the organizations that I have worked with is: “In the scope of the EU GDPR (European General Data Protection Regulation), what is our responsibility in relation to the personal data that our customers handle in the scope of their business ...Read more

How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC)

Information security is only as good as the processes related to it, yet we find many organizations concerned only about whether security features exist and are active in their information systems, and not how they are developed, implemented, maintained, and improved. As a result, many information systems fail to protect ...Read more
Request callback
Request callback

Or call us directly

International calls
+1 (646) 759 9933