
Should your company go for the ISO 27001 / ISO 22301 certification?

Author: Dejan Kosutic

If your company is in the process of implementing ISO 27001 or ISO 22301, you are probably wondering whether to go for the certification. And, as you probably know, certification is not mandatory, so you have to ask yourself one important question: do you really need it?

Many organizations have implemented the standard(s) without going for the certification. One obvious example is banks and other financial institutions: regulations in most countries require them to implement very strict information security and business continuity procedures and safeguards, and the majority of them did that using ISO 27001 and ISO 22301. But very few of them got certified; they concluded that there was no business reason for them to do it.

And this is exactly what you need to do: consider carefully whether you need the certificate. Here are the potential reasons why you might find the certification useful:

1) Marketing. You can use the certificate to win new clients (e.g., because tenders require it), or to stay in business (e.g., all your competitors already have the certificate).

2) Compliance. In rare cases some regulations will require you to implement ISO 27001 or ISO 22301, but more often you will sign contracts with clients that oblige you to implement information security or business continuity management compliant with these standards. Instead of having to host auditors from each of your clients who want to check whether you complied with the contract, you can have the certification auditor do the job once, and then show everyone else the certificate.

3) Internal pressure. In some companies, these kinds of projects will never finish unless there is strong pressure, e.g., a clear deadline. So, if you agree with the certification body on a fixed date for the certification audit, both your management and your employees will have a much stronger sense of urgency about the implementation.

4) Objective inputs. If you want your business continuity to be at a really high level, it is good to call in highly experienced people who know how you can benchmark against the best in the industry. Certification auditors will be more than happy to audit someone who is trying really hard, and will provide input on what you could improve.

If you didn’t find yourself in any of these points, you probably don’t need the certificate at all. You can be one of those many companies that have implemented ISO 27001 and/or ISO 22301 because they understood that the biggest value is in the methodology these two standards provide.

To learn more, check this free webinar: ISO 27001/ISO 22301: The certification process.
