ISO 27001 the information security standard ensures that your organisation can demonstrate that you handle company information responsibly and that you implement adequate security measures. As a company, you shouldn't think about business information, such as customers' personal data, falling into the wrong hands. The ISO 27001 standard provides guidelines for establishing, implementing, executing, monitoring, assessing, maintaining and improving a documented Information Security Management System (ISMS). This ensures availability, integrity and confidentiality within your organisation. Working according to ISO 27001 certification, you as an organisation can show that all confidentiality risks are properly covered.

​

GAP analysis: ISO 27001

Do you want insight into whether your organisation is ready for ISO 27001 certification? Then have a GAP analysis carried out; this is often done to gain insight into where your organisation stands with regard to certification. Then you will know which certification requirements you meet and where the (biggest) gaps are. The GAP analysis is done in steps, introducing you to the standard and giving you an insight into what the ISO 27001 standard requires of your organisation.
During a GAP analysis, we look at the following topics, among others, together with your organisation. So that we can answer the questions below and provide insight:

 

• General: What is the structure of the documented information of the management system?

• Leadership and strategy: In what way has insight been provided into what you do as an organisation and which stakeholders are involved? In what way, for instance, are laws and regulations applicable to the business operations fleshed out?

• Process management: How are the activities carried out within the organisation and which processes are required for this and are covered by the management system?

• Employees and suppliers: What policies have been drawn up with regard to employees and suppliers? Who and what is needed to perform the primary process; the service provision? 

• IT infrastructure: Which hardware and software, network and facilities are used in your organisation?

• Software development: How is software developed in your organisation?

• Risk analysis: Which assets have been mapped out and which risks could occur here and then assessed? Continuous improvement: How will you secure the operation of your management system, the PDCA cycle, the monthly, recurring tasks in your management system, and make this assurance demonstrable?

​

Why certify according to ISO 27001; what are the advantages?

Protecting company data and information is of course important, the standard has more benefits for your organisation:

• It helps your company demonstrate compliance with relevant laws and regulations.

• It supports working according to an established policy.

• It provides trust and assurance for customers.

• Information security processes are well established, with the advantage that there are far fewer risks and therefore fewer incidents.

• Implemented within a few months.

​

The ISO 27001 audit

An audit-based certification process can be one you have not faced before. There can be many uncertainties, which can lead to stress. This is why we recommend implementing an ISMS, which helps your organisation make the certification process more pleasant. An ISMS helps you for step-by-step implementation of the information you need to add per topic. This allows your organisation to prepare properly for the audit and demonstrate to the auditor during the ISO 27001 that your organisation has its documentation in order.  An independent certification body (CB) assesses whether an organisation meets the certification criteria of the ISO 27001 standard. Deficiencies are reported by the CB if the process needs further improvement. If the audit results are positive, certification follows and you receive an official ISO 27001 certificate!

​

Plan Do Check Act (PDCA)

The ISO 27001 information security standard defines the steps for securing information using Plan Do Check Act (PDCA) cycle. You use the PDCA cycle to work on continuous improvement, which is an important part of your ISMS. An ISMS software tool can help you go through the PDCA steps in line with your organisation's objectives and risks. This way, you can ensure that continuous improvement takes place.

The PDCA cycle is the starting point of the ISO management system:

• 'Plan' phase: a plan is drawn up, in which you record what results you want to achieve and how this should be done

• 'Do' phase: the plan is linked to objectives and tasks to be carried out during the year.

• 'Check' phase:the actual results achieved are compared with the planned results.

• 'Act' phase: if adjustments are needed, they are made in the 're-act' phase. In addition, research is carried out into innovative possibilities and how these can be incorporated into the management system in the 'pro-act' phase.

​

GDPR in relation to ISO 27001

The General Data Protection Regulation (GDPR) is a European law created to ensure the protection of personal data within the EU. Compliance with the ISO 27001 standard helps your organization to implement appropriate and consistent measures for the protection of personal data.

​

Get started with information security

If you are an organisation getting started with information security, it is possible to implement an ISMS and apply for certification within four to five months with the help of Protify. It is important that the management system has been 'running' for some time before you have an external audit carried out. This prevents unnecessary deviations. Together, we ensure that all business processes through which information passes are made transparent, the required policy documentation is drawn up and we support the implementation. In consultation, we determine together which parts you will work out as an organisation, or when you have more limited time, have Protify work out.

Want to get started quickly and be certified within a few months? Or do you want to know where your organisation stands with the help of a GAP analysis? There is a tailor-made programme for every question. From advice to guidance and implementation.